VS2008, MM3.5, ASP.Net

I have asked a similar question before a few months ago. I have used the mm security successfully in windows but not so well in ASP. It works except I cannot seem to restrict the /Admin folder.

If I set a deny users="?" in a web config in the admin folder than you can never to get to it even if logged in. The users don't seem to be cached the same as the ASP model and therefore aren't found. Because of the ASP redirect it causes you to constantly get redirected to the login even after you are logged in and never to the page you want to get to.

What I need is an Admin role that protects at a forms level including the admin forms in the admin directory.

Kevin, have you successfully done this and could you post an example of how to do it. It would be great if there was an sample ASP application that used security and took care of this. A while back you posted a url regarding forms authentication with roles but I could not get some of the code to work in the global.asax at all. In addition, it creates a admin role outside the framework roles.

Has anybody else successfully done this? If so, I would love to hear from you.
Thanks a bunch. I have three web apps on public servers that are not secured because of this.
Tim