I have a folder named "app" I want to block access to all files if the user is not logged in.
I tried this way:
<location path="app">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
But if I access /app/file.xyz it accesses ...