Restricting access to files/folders in web.config

Updated: 2022-10-16 10:31:07


I've tried all manner of variations in trying to restrict access to a folder, from the simplest of denying access to all users and just granting access to myself to trying a combination of roles/users etc. In particular, the folder has a mix of aspx and html files.

Can anyone assist? Here's pretty much what I have based on other similar questions:

<configuration>
    <system.web>
       <!-- mode=[Windows|Forms|Passport|None] -->
       <authentication mode="Windows" />
    </system.web>
  <system.webServer>
    <handlers>
        <add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" />
    </handlers>
  </system.webServer>
    <location path="AdminOnly">
        <system.web>
            <authorization>
            <deny users="*" />
            <allow users="domainuser1, domainuser2, domainuser3" />
            <allow roles="domain\role1, domain\role2" />
            </authorization>
        </system.web>
    </location>
</configuration>

EDIT: The solution has presented itself at last.

It was a combination of understanding the authorization segment (thanks to Tetsuya for the helpful tip in relation to ordering authorization rules), including the handler segment and also configuring the application pool for managed code.

It seems you have the wrong order in composing the authorization element; the allow part must be declared first, to allow certain users in certain roles before denying everything else.

So the construction below is wrong, because denying all users is resolved before allowing the defined users:

<location path="AdminOnly">
    <system.web>
        <authorization>
        <deny users="*" />
        <allow users="domainuser1, domainuser2, domainuser3" />
        <allow roles="domain\role1, domain\role2" />
        </authorization>
    </system.web>
</location>

The correct order should be like this:

<location path="AdminOnly">
    <system.web>
        <authorization>
        <allow roles="role1, role2" />
        <allow users="user1, user2, user3" />
        <deny users="*" />
        </authorization>
    </system.web>
</location>

In the reference section, Guru Sarkar explains what goes wrong:

Common Mistakes

I have seen people complaining that they have set up their roles correctly and also made an entry in their web.config, but still their authorization doesn't work. Even though they have allowed access to their role, that user cannot access a particular page/folder. The common reason for that is placing <deny ../> before <allow ../>. Since the authorization is done from top to bottom, rules are checked until a match is found.

Reference:

Setting authorization rules for a particular page or folder in web.config
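To make the top-to-bottom, first-match behaviour concrete, here is an added Python example (not from the original post and not ASP.NET's own code) that parses an `<authorization>` block and evaluates it the way UrlAuthorizationModule does, in simplified form: rules are tried in document order, the first rule whose `users` or `roles` list fits the caller decides, `*` means everyone and `?` means anonymous callers, and a request that matches no rule falls through to the parent configuration (whose machine-level default is `<allow users="*"/>`). The `verbs` attribute and multi-level config merging are left out. The user and role names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (hypothetical users/roles, not from the original post).
# Wrong order: the catch-all deny sits first, so it matches every request.
WRONG_ORDER = r"""
<location path="AdminOnly">
  <system.web>
    <authorization>
      <deny users="*" />
      <allow users="domain\alice, domain\carol" />
      <allow roles="domain\admins" />
    </authorization>
  </system.web>
</location>
"""

# Right order: the specific allow rules first, the catch-all deny last.
RIGHT_ORDER = r"""
<location path="AdminOnly">
  <system.web>
    <authorization>
      <allow roles="domain\admins" />
      <allow users="domain\alice, domain\carol" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
"""


def _split_list(value):
    """Turn 'a, b ,c' into a lower-cased set (name comparison is case-insensitive)."""
    return {item.strip().lower() for item in value.split(",") if item.strip()}


def parse_rules(xml_text):
    """Return the <allow>/<deny> rules in document order as (verdict, users, roles)."""
    root = ET.fromstring(xml_text)
    rules = []
    for element in root.iter():
        if element.tag in ("allow", "deny"):
            rules.append((element.tag,
                          _split_list(element.get("users", "")),
                          _split_list(element.get("roles", ""))))
    return rules


def rule_matches(rule, user, roles, authenticated):
    """A rule matches if its users ('*' = everyone, '?' = anonymous) or roles fit the caller."""
    _, rule_users, rule_roles = rule
    if "*" in rule_users:
        return True
    if "?" in rule_users and not authenticated:
        return True
    if authenticated and user.lower() in rule_users:
        return True
    return bool(rule_roles & {r.lower() for r in roles})


def evaluate(xml_text, user, roles=(), authenticated=True):
    """Walk the rules top to bottom; return (allowed, index of the rule that decided)."""
    for index, rule in enumerate(parse_rules(xml_text)):
        if rule_matches(rule, user, roles, authenticated):
            return rule[0] == "allow", index
    # No rule matched: evaluation continues into the parent configuration,
    # whose machine-level default is <allow users="*"/>, so the request is allowed.
    return True, None


def is_allowed(xml_text, user, roles=(), authenticated=True):
    return evaluate(xml_text, user, roles, authenticated)[0]


if __name__ == "__main__":
    callers = (("domain\\alice", [], True),            # listed by name
               ("domain\\bob", ["domain\\admins"], True),  # listed by role only
               ("domain\\mallory", [], True),          # authenticated but not listed
               ("", [], False))                        # anonymous
    for label, config in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        for who, who_roles, auth in callers:
            allowed, idx = evaluate(config, who, who_roles, auth)
            print(f"{label:11} caller={who or '<anonymous>':16} allowed={allowed} (rule #{idx})")
```

Running it shows the symptom from the question: with the deny-first block every caller, including the named users and the role members, is decided by rule #0 and refused, while with the allow-first block the named users and role members pass and only unlisted or anonymous callers reach the final `deny users="*"`.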