User-1818759697 posted
Hi,
Yes, you could add the above settings within the web.config file to deny all the unauthenticate users to access to the apps folder. I have tested it and it works fine:
<location path="Apps">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Besides, if still could not work, you could tell us the testing environment, such as visual studio 2013 or 2012, OS system, and the created web template in visual studio.
Regards