<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
根目录下的web.config:
<authentication mode="Forms">
<forms loginUrl="~/admin/login.aspx" name="login" />
</authentication>
<authorization>
<allow users="*" />
</authorization>