<system.web>
  <authentication mode="Forms">
  <forms loginUrl="login.aspx" name=".ASPXFORMSAUTH"/>
  </authentication>
  <authorization>
  <allow users="*"/>
  </authorization>
  <compilation debug="true"/>
   
  </system.web>
  <location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow roles="admin"/>
</authorization>
  </system.web>
  </location>

设置了default.aspx为起始页。运行 跳到了login.aspx页 输入帐号 登录后为什么可以跳到 default.aspx 。不是只有role为admin的才能进来吗。
login也代码是这样的。都弄了一天了，求大侠帮忙啊。
 protected void Logon_Click(object sender, EventArgs e)
  {
  if ((UserEmail.Text == "aa") && (UserPass.Text == "aa"))
  {
  MessageBox.Show("dengru");
  FormsAuthenticationTicket tickets = new FormsAuthenticationTicket(1,
  UserEmail.Text,
  DateTime.Now,
  DateTime.Now.AddMinutes(1),
  true,
  "user",
  FormsAuthentication.FormsCookiePath
  );
  string encTicket = FormsAuthentication.Encrypt(tickets);
  Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

  Response.Redirect(FormsAuthentication.GetRedirectUrl(UserEmail.Text, true));
   
  }
  else
  {
  Msg.Text = "Invalid credentials. Please try again.";
  }
  }