Restricting access to a directory

I have a subfolder in my project. I want only the users with roles to enter it.. how do i achieve it while redirecting the user to the login page..This is what i have so far in the webconfig in the subdirectory

(i have another web.config in the virtual directory of my project)

 <?xml version="1.0"?>
<configuration>

    <system.web>
      <authorization>
        <deny users="?"/>
        <allow 开发者_开发问答roles="Moderator"/>
        <deny users="*"/>
      </authorization>
    </system.web>

</configuration>

Edited, in the root web.config, add this to the bottom. No need for the second web.config then.

<location path="SubFolder">
  <system.web>
    <authorization>
      <deny users="?" />
      <allow roles="Moderator"/>
    </authorization>
  </system.web>
</location>