This example illustrates how you may use .NET Forms-based Authentication to control access to a set of  web pages stored in a private folder on your web site.

The key is that the root folder of the site contains a web.config ASP.NET configuration file which has an <authentication> section within it. The  mode="Forms" element specifies that Forms-based Authentication is to be used to control access to any protected web pages on this site.

You can see that we have specified the page named login.aspx as the LoginUrl, so this is the page that will be loaded when a user attempts to access the application when they have not (yet) been authenticated. As you will see when you click Enter, the login.aspx  page uses APL code in login.dws  to authenticate the user.

The private folder also contains its own web.config file which contains an <authorization> section. The deny users="?" element specifies that only authenticated users may access web pages in this folder.

Note that if the same <authorization> section had appeared in the root web.config, all pages in the site would require authentication.