Someone, please help!

I have a website is using forms authentication. A user must beauthenticated to access any part of the website. This workscorrectly except in a subdirectory that is actually a virtualdirectory set up in IIS. Users can never correctly access thefiles in the virtual subdirectory, whether authenticated or not,so it seems as if the subdirectory doesn't recognize the authticket.

Here is my web.config file:
-------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
>
<system.web>
<pages enableViewState="false"/>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" defaultRedirect="/error.aspx"/>

<!-- AUTHENTICATION -->
<authentication mode="Forms">
<forms name="ProtectMe"
loginUrl="/login.aspx"
protection="All"
timeout="60"
path="/"
slidingExpiration="true">
</forms>
</authentication>

<!-- AUTHORIZATION -->
<authorization>
<deny users="?" />
</authorization>


<!-- APPLICATION-LEVEL TRACE LOGGING -->
<trace enabled="false" requestLimit="10" pageOutput="false"traceMode="SortByTime" localOnly="true" />


<!-- SESSION STATE SETTINGS -->
<sessionState
mode="SQLServer"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=xxx;userid=xxx;password=xxx"
cookieless="false"
timeout="20"
/>

<!-- GLOBALIZATION -->
<globalization requestEncoding="utf-8"responseEncoding="utf-8" />
</system.web>
</configuration>
----------------------------------


If I add this to the web.config file, users can always get in.
<location path="vdocs">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

What I would like is for users to be allowed access only whenthey are authenticated, as with the rest of the site. Doesanyone have any tips?

I've also tried <deny users="?" />, <allow users="?" />, <denyusers="*" />

Any help is greatly appreciated.

-----------------------
Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])

<Id>9RY45k2IEka7tYAdKrsfvA==</Id>