You should set up the Web.config configuration file to have the following entries and place it in the application root directory (the directory in which Default.aspx resides).
<configuration>
<system.web>
To set up the Web.config configuration file
Set the authentication mode to Forms. Other possible values are Windows, Passport, and None (empty string). For this example, it must be Forms.
<authentication mode="Forms">Set the form's authentication attributes.
<formsSet the loginUrl attribute to logon.aspx. Logon.aspx is the URL to use for redirection if ASP.NET does not find a cookie with the initial request.
loginUrl = "logon.aspx"Set the cookie's name.
name = "FORMSAUTHCOOKIE"/>
Deny unauthenticated users access to this directory.
</authentication> <authorization> <deny users="?"/> </authorization> </system.web> </configuration>
See Also
ASP.NET Web Application Security | Forms Authentication Using an XML Users File