Configuring Authorization : Authorization « Authentication Authorization « ASP.NET Tutorial

If you add the web configuration file to SecretFiles folder, then unauthenticated users are blocked from accessing pages in the folder.
When Forms authentication is enabled, unauthenticated users are automatically redirected to the Login page.
The configuration file denies access to anonymous users. 
The ? symbol represents anonymous (unauthenticated) users.

? Represents unauthenticated users.
* Represents all users (unauthenticated or authenticated).

File: SecretFiles\Web.Config


        <deny users="?"/>


21.2.1.Configuring Authorization
21.2.2.Assign a particular username, or comma-delimited list of usernames, to the deny element
21.2.3.Authorizing by Role
21.2.4.Authorizing Files by Location
21.2.5.Use the location element to apply configuration settings to a particular subfolder