web.config location tag

I'm looking to deploy a web app and I have a simple question about the <l开发者_运维问答ocation> tag of the web.config file. For the moment, I want all the pages to be password protected and I've created a simple login page with the login object. I've put all my .aspx file in a directory called AppMyPages and I've put this in the config file:

<location path="AppMyPages">

    <system.web>
        <authorization>
            <allow roles="tester" />
            <deny users="*" />
        </authorization>
    </system.web>

</location>

If I want to fully protect my site, do I need to do the same thing for all the other folders (AppCode, AppData, MyJavascripts, MyStylesheets, MyImages....)?

Thanks.

You don't have to do AppCode/AppData, but you need to be careful restricting the MyJavascripts/Stylesheets/Images if any of those resources are used on unauthenticated pages (e.g. Login page).