asp.net的登陆验证

  //创建身份验证票
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, model.LoginId,
                DateTime.Now, DateTime.Now.AddDays(1), false, "");
            string name = FormsAuthentication.FormsCookieName;
            string value = FormsAuthentication.Encrypt(ticket);//对身份验证票加密
            HttpCookie cookieAuth = new HttpCookie(name, value);
            Response.Cookies.Add(cookieAuth);

            string str = HttpContext.User.Identity.Name;
            HttpCookie cookieLoginid = new HttpCookie("loginid");
            //登录成功

//注销登陆
   FormsAuthentication.SignOut();

主web.config  
 <system.web>
      <compilation debug="true" targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
      <authentication mode="Forms">
        <!--表单身份验证-->
        <forms name=".auth" loginUrl="~/user/login.do" defaultUrl="~/product/list.do"   timeout="600" slidingExpiration="true"></forms>
      </authentication>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  <location path="cart">
    <!--设置路径以cart开头的页的访问权限-->
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

子文件夹web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  <location path="">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>