securing sub folders

I am writing a web app that has an admin section that I would like to secure. I have a main web config file where I set the authentication to forms and the path to the login file. I also have a config file in the admin folder with an authorization tag that has the "deny=?" field. with this I am authenticating from a database but when I type a correct username and password it will not go the the admin page it goes right back to the login page. does anybody have any ideas. I am using response.redirect as the instruction to display the admin page.