When you said that you can "organize your content in folders representing different level of security", do you mean, multiple web applications (virtual directories)? or folders withing the same web application?. I understand that you can have only ONE web.config located at the ROOT of your web application (virtual directory). Could explain me a little bit more your approach.
Having the <allow users="?"/> is going to allow ALL unauthenticated users to get access to ALL pages, which actually defeats the purpose of using these feature!
What I'm trying to do is have a <deny users="?"/>, but at the same time ALLOW access to anybody to non restricted pages, I was thinking that the way to do this will be having some kind of property set a the page level to specify that the page is not checking authentication or something like. This will give flexibility to mix pages that requires authentication and some others that not.
Thanks
----- Joseph E Shook [MVP - ADSI] wrote: -----
Search the help files for the <location> element.
It lookes something like this
<location path="Logon.aspx"><system.web><authorization><allow users="?"/></authorization></system.web></location>
Usually if you can organize your content in folders representing
different level of security and creating a web.config file for each of
these you are better off, but the Location element will give you the
ultimate flexibiltiy and even more chances to forget to secure something