ASP.Net: Authorization Question

I'm having some problems when I use ASP.Net 4 URL Routing when authorization rules are configured.

Global.asax

void Application_Start(object sender, EventArgs e) {
    RegisterRoutes(RouteTable.Routes);
}

private void RegisterRoutes(RouteCollection routes) {
    routes.MapPageRoute("dashboard", "", "~/Restricted/Default.aspx", true);
    routes.MapPageRoute("register", "register", "~/Register.aspx", true);
    routes.MapPageRoute("login", "login", "~/Login.aspx", true);
}

{Root} \ Web.Config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="DevAuth" 
                   loginUrl="/login/" 
                   protection="All" 
                   path="/" 
                   timeout="15"
                   requireSSL="false" 
                   slidingExpiration="true" 
                   cookieless="AutoDetect" />
        </authentication>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</configuration>

{Root} \ Limited \ Web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" roles="Developer" />
                <add accessType="Deny" users="*" />
            </authorization>
        </security>
    </system.webServer>
</configuration>

I ran into a problem:

• When I try to visit http: // localhost / - because of my dashboard rule in Global. asax, instead of being redirected to http: // localhost / login /? ReturnUrl =% 2f , I actually get the contents of http: //localhost/Restricted/Default.aspx .

• when I try to visit http: // localhost / Restricted / - they redirect me to http: // localhost / login /? ReturnUrl =% 2fRestricted is a good sign!

Any idea what is going on?

1

.

{Root}\Web.Config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="DevAuth" 
                   loginUrl="/login/" 
                   protection="All" 
                   path="/" 
                   timeout="15"
                   requireSSL="false" 
                   slidingExpiration="true" 
                   cookieless="AutoDetect" />
        </authentication>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <basicAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
    <location path="login">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="register">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="">
        <system.web>
            <authorization>
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>
</configuration>