Password-protect folder with web.config

Question

I have to password protect a directory on a Windows server. The page is supposed to show a list of files located in that directory. I don't have any previous knowledge (only worked with Apache before) so I've tried hacking something together by googling. (For someone who knows what they're doing I'm sure this will look ridiculous)

What I have right now is I get a login-popup but no password is working. We have a table in our SQL database for adminusers so either fetching user-login from there or having the login embedded in the config file is fine. All I need is the folder to be password-protected.

This is what I have right now in my web.config file that is located in the folder that is supposed to be password-protected.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <credentials passwordFormat="Clear">
                <user name="test" password="test" />
            </credentials>
        </authentication>
        <authorization>
            <allow users="test" />
            <deny users="*" />
        </authorization>
    </system.web>
    <system.webServer>
        <directoryBrowse enabled="true" />
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="true" />
                <windowsAuthentication enabled="false" />
            </authentication>
        </security>
    </system.webServer>
</configuration>

Hopefully this is a simple problem and thanks in advance for any help! :)

Answer 1

Try this:

<configuration>      
    <system.web>      
        <authentication mode="Forms">      
            <credentials passwordFormat="Clear">      
                <user name="test" password="test" />      
            </credentials>      
        </authentication>      
        <authorization>      
            <allow users="test" />      
            <deny users="*" />      
        </authorization>      
    </system.web>      
    <location path="admin">
        <system.web>
            <authorization>              
                <allow roles="admin" />
                <deny users="*"/>
            </authorization>
        </system.web>
    </location> 
    <system.webServer>      
        <directoryBrowse enabled="true" />      
        <security>      
            <authentication>      
                <anonymousAuthentication enabled="false" />      
                <basicAuthentication enabled="true" />      
                <windowsAuthentication enabled="false" />      
            </authentication>      
        </security>      
    </system.webServer>      
</configuration>

You can encrypt the user information using something like this:

aspnet_regiis.exe -pef "sectionName" C:\Path\To\Your\Application