关于web.config设置的问题
我在login.aspx中放了一个login控件，在login.aspx.cs中写了如下登录代码：

C# code

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)    {        bool Authenticated = false;        Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);        e.Authenticated = Authenticated;        if (Authenticated == true)        {            Response.Redirect("MainForm.aspx");        }    }    private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)    {        bool boolReturnValue = false;        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["CS"];        string strConnection = cs.ConnectionString;        SqlConnection Connection = new SqlConnection(strConnection);        String strSQL = "Select * From 用户";        SqlCommand command = new SqlCommand(strSQL, Connection);        SqlDataReader Dr;        Connection.Open();        Dr = command.ExecuteReader();        while (Dr.Read())        {            if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))            {                boolReturnValue = true;                Session["username"] = Dr["姓名"].ToString();                Session["role"] = Dr["角色"].ToString();            }        }        Connection.Close();        return boolReturnValue;

web.config中写了如下配置：

C# code

<?xml version="1.0"?><configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">    <appSettings/>    <connectionStrings>  <add name="CS" connectionString="Data Source=#######;Initial Catalog=DJS;Persist Security Info=True;User ID=sa;Password=******"   providerName="System.Data.SqlClient" /> </connectionStrings>    <system.web>    <compilation debug="true">        </compilation>        <authentication mode="Forms">   <forms name=".FormsAuthCookie" timeout="30" />  </authentication>        <authorization>            <deny users="?" />        </authorization>    </system.web></configuration>

为什么登陆的时候，不提示登录失败，但始终停留在登陆页面
如果把“<authorization>
<deny users="?" />
</authorization>
”这段去掉，能够登录，但是其他页面匿名用户也能访问了

应该怎么弄啊
？？

[解决办法]
<authentication mode="Forms">
<forms name=".FormsAuthCookie" timeout="30" />
<allow users="?" />
</authentication>


[解决办法]
看着也没配置错，不知道这个问题
[解决办法]

C# code

 if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))//这应该是与的关系吧  你这是“异或”吧？            {                boolReturnValue = true;                Session["username"] = Dr["姓名"].ToString();                Session["role"] = Dr["角色"].ToString();            }