ASP.net specific directory form validation _ Practical Tips

Just want to use this form validation to my website, this can also enhance the site's basic security.
This morning, came to the company to find information on the Internet, learning form validation, because I do the Web site framework has been designed, need to verify the background, all the files in the background under the Admin folder, that is to say, the so-called form validation is the file under Admin to verify the form. I found some information on the internet, all just said to the root directory files or folders to verify, also see can use <location path= "1111" > to eliminate, I will do the opposite.

Copy Code code as follows:

<authentication mode= "Forms" >
<forms loginurl= "aspx/default.aspx" defaulturl= "default3.aspx" ></forms>
</authentication>
<authorization >
<deny users= "*"/>
</authorization>
<location path= "Admin" >
<system.web>
<authorization>
<deny users= "?" />
</authorization>
</system.web>
</location>

This is my setup, I see whether it is to open the Web page to jump to the login.aspx, I think should be to set them separately, so, in the admin directory has created a new Webconfig file, to configure, but still the results of the above,
I do not know where the reason, the Internet to find information, did not find, find a master to ask, they also said the above method can be, but I here is not. I thought it was my project. On the issue, a new project was created, first tested, and later saw

Copy Code code as follows:

<authorization >
<allow roles= "" >
<deny users= "*"/>
</authorization>

There is a allow tag, but his middle roles is used to authenticate the identity, I can not use here, occasionally see the Allow tag under the users attribute, try to test it. Results ok!
And then it turned into

Copy Code code as follows:

<system.web>
<authentication mode= "Forms" >
<forms loginurl= "aspx/default.aspx" defaulturl= "default3.aspx" ></forms>
</authentication>
<authorization >
<allow users= "*"/>
</authorization>
</system.web>
<location path= "aspx" >
<system.web>
<authorization>
<deny users= "?" />
</authorization>
</system.web>
</location>

This completes a specific directory of a validation, this is busy a morning crystallization, write down to do a record, to prevent later forget!
In fact, I was added <allow users= "*" > such a sentence, the problem is solved! The meaning of this sentence is to allow all users to operate. What do you mean by deny= "*"?