Note: This section is relevant for Forms Authentication only. When using Windows authentication you should rather use NTFS permissions on your Web files to restrict access to them.
If you need to restrict access to a specific area of your application only (such as for the "Administration" section or for particular pages only), modify your Web.config file:
Modify the /configuration/system.web/authorization section so that it contains the following text:
<authorization> <allow users="*" /> </authorization>
Add following text in the /configuration section (please note that you place the text outside the "system.web" section):
<location path="administration"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location>
Save the configuration file. Since now, all users can access the pages without being authenticated. However, only authenticated users can access the ASPX pages in the administration subfolder.
You can add any number of such sections into your Web.config file. You can even specify particular files instead of whole folders.