Question

I am working with an ASP.NET application that uses Forms Authentication. However, if I turn off all authentication methods except for forms, I will get an

HTTP Error 401.2 - Unauthorized

when trying to browse any page. However, enabling Anonymous authentication fixes it. What causes this behavior? Thanks!


Solution

By doing this you're only allowing users to visit pages (other than the login page) if they have logged into your site.

Direct from MSDN:

Forms authentication lets you authenticate users by using your own code and then maintain an authentication token in a cookie or in the page URL. Forms authentication participates in the ASP.NET page life cycle through the FormsAuthenticationModule class. You can access forms authentication information and capabilities through the FormsAuthentication class.

By setting a loginUrl in the web.config you're instructing your app that the login page is ok to visit for anonymous users. If the user tries to visit a page OTHER than the loginUrl then they will be redirected TO that loginUrl.

Quite often a site would use both anonymous as well as forms. Anonymous to allow visiting of public pages and the forms auth to hide the pages from those not logged into your website.

It's great to use (forms auth) if you're using the ASP.NET Membership and login controls alongside, though if you don't plan on using these then you won't need to worry about Forms Authentication as you can build your own method of letting users gain access.

So all that's to say, if you want to lock it all down bar one page, then set a loginUrl in your web.config

    <authentication mode="Forms">
        <forms name="myLogin" loginUrl="/Login.aspx">
        </forms>
    </authentication>
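
The combination discussed above, written out as a full web.config: IIS Anonymous authentication enabled (the setting the question found necessary), forms authentication as the login mechanism, and an authorization rule that denies unauthenticated users everywhere except one public folder. This is an added example, not part of the original answer; the `Public` folder name is a hypothetical placeholder.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added illustration; "Public" is a hypothetical folder name. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="myLogin" loginUrl="/Login.aspx" />
    </authentication>
    <!-- "?" matches anonymous (unauthenticated) users. Denying them is
         what sends a request without a forms ticket to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Public content stays reachable without logging in. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- IIS-level Anonymous authentication stays enabled; access control is
       done by the ASP.NET rules above. This section is often locked at
       server level, in which case the setting is made in IIS Manager or
       applicationHost.config instead of here. -->
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</configuration>
```

With this layout, enabling Anonymous authentication in IIS does not open the site: every path outside `Public` still requires a forms login because of the `deny users="?"` rule.
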
Licensed under: CC-BY-SA with attribution