Forms Authentication & Virtual Directory

We're having trouble getting Forms Authentication to work with a virtual directory in IIS.

We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone.

The web.config with the admin folder has the following:

<?xml version="1.0"?>
<configuration>
    <appSettings/>
    <connectionStrings/>
    <开发者_如何学编程;system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
        <customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/>
    </system.web>
</configuration>

Could anyone give me any clues as to why this might not be working?

Cheers!

What happens if you set this in the web.config at the root of your site instead:

<location path="MicroSite/Admin">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>