Application Root Directory Configuration File (Web.config)

You should set up the Web.config configuration file to have the following entries and place it in the application root directory (the directory in which Default.aspx resides).

<configuration>
    <system.web>

To set up the Web.config configuration file

1. Set the authentication mode to Forms. Other possible values are Windows, Passport, and None (empty string). For this example, it must be Forms.

           <authentication mode="Forms"> 
   

2. Set the form's authentication attributes.

               <forms
   

   1. Set the loginUrl attribute to logon.aspx. Logon.aspx is the URL to use for redirection if ASP.NET does not find a cookie with the initial request.

                  loginUrl = "logon.aspx"
      

   2. Set the cookie's name.

              name = "FORMSAUTHCOOKIE"/>
      

3. Deny unauthenticated users access to this directory.

           </authentication>
           <authorization>
               <deny users="?"/> 
           </authorization>
       </system.web>
   </configuration>
   

See Also

ASP.NET Web Application Security | Forms Authentication Using an XML Users File