Restricting access to sub folders and files.


Jason Titcomb

Hello All,
I would like to restrict access to a folder and all it's sub-folders and
Using VS2005, ASP.NET 2.0, Forms Authentication, IIS6

The web.config in the root of the site has the following in the config and
it works.
It redirects a new user to the login page just fine.
<location path="Movies.aspx">
<deny users="?"/>

The Movies.aspx renders available movies to watch depending on the
The trouble is that if after watching the movie the user can see the url to
the movie.
If the user accesses the movie url directly it will bypass the
I would like to have the location in the web.config specify a folder,
sub-folders and all files.

I tried creating a web.config in the Movies folder as follows.
<allow users="?"/>
It seems that the documentation said that if the location did not specify a
path it would imply all child folders.
This does not work for me.
Any help would be appreciated.