IIS, denying access to static files; What is wrong with this example?

Question

I am trying to get the simplest example of allowing access by default, denying access unless authenticated to specific directories in IIS, to work. When you Google around, every

Answer 1

it doesn't like the path "~/pages" . The following works for me

<configuration>
    <system.web>
        <authentication mode="Forms"/>
        <compilation debug="true" targetFramework="4.5.1" />
        <httpRuntime targetFramework="4.5.1" />
    </system.web>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"></modules>
    </system.webServer>

    <!-- note the change below -->
    <location path="pages" >
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
</configuration>