在 webconfig中location 不起作用

<system.web>
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
<compilation debug="true"/>

</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow roles="admin"/>
</authorization>
</system.web>
</location>

设置了default.aspx为起始页。运行 跳到了login.aspx页 输入帐号 登录后为什么可以跳到 default.aspx 。不是只有role为admin的才能进来吗。
login也代码是这样的。都弄了一天了，求大侠帮忙啊。
protected void Logon_Click(object sender, EventArgs e)
{
if ((UserEmail.Text == "aa") && (UserPass.Text == "aa"))
{
MessageBox.Show("dengru");
FormsAuthenticationTicket tickets = new FormsAuthenticationTicket(1,
UserEmail.Text,
DateTime.Now,
DateTime.Now.AddMinutes(1),
true,
"user",
FormsAuthentication.FormsCookiePath
);
string encTicket = FormsAuthentication.Encrypt(tickets);
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

Response.Redirect(FormsAuthentication.GetRedirectUrl(UserEmail.Text, true));

}
else
{
Msg.Text = "Invalid credentials. Please try again.";
}
}