WSAT Not Protecting Pages on discountasp

I am new to using WSAT to protect a sample page in a directory named /Admin. When I try to access that test page under Admin directory, I am able to access it and not redirected to the login page. The same test application works well when I test it locally. Both the locally tested application and the application deployed in discountasp use the same root webconfig file and with the same database connection strings. Using the KB from discountasp, I correctly installed the aspnet membership database. I have been trying to debug this issue for the past two weeks before giving up and asking for help. Any help provided is greatly appreciated?

Here the webconfig file I placed under /Admin directory:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</configuration>

 

I finally resolved my own problem the test page I was trying to access in the /Admin had an extension .htm, once I changed to .aspx and force to go through ASP.NET filter, the page can only be accessed by only users with proper access.