<configuration>
    <system.web>
        <authentication mode="Forms" >
            <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
            </forms>
        </authentication>
<!-- This section denies access to all files in this 
application except for those that you have not explicitly 
specified by using another setting. -->
        <authorization>
            <deny users="?" /> 
        </authorization>
    </system.web>
<!-- This section gives the unauthenticated 
user access to the ThePageThatUnauthenticatedUsersCanVisit.aspx 
page only. It is located in the same folder 
as this configuration file. -->
        <location path="ThePageThatUnauthenticatedUsersCanVisit.aspx">
        <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
        </system.web>
        </location>
<!-- This section gives the unauthenticated 
user access to all of the files that are stored 
in the TheDirectoryThatUnauthenticatedUsersCanVisit folder.  -->
        <location path="TheDirectoryThatUnauthenticatedUsersCanVisit">
        <system.web>
        <authorization>
            <allow users ="*" />
        </authorization>
        </system.web>
        </location>
</configuration>