You create an ASP.NET application that contains confidential information. You use form-based authentication to validate users.
You need to prevent unauthenticated users from accessing the application.
How is this achieved?
A comma-separated list of user names that are denied access to the resource. A question mark (?) denies anonymous users and an asterisk (*) indicates that all user accounts are denied access. <deny users="?" />