All of us would agree that ASP.NET Forms Authentication is very useful and effective in implementing a Form based authentication for websites.
With the methods and properties it provides, it becomes quite easy for us to implement authentication (contrary to the classic asp, where one has to write chunk of codes individually in all the pages)
Login Page and Registration Page
Well, all of us would have a login.aspx which would be the default login page for the app and any unauthorised request for other pages, would redirect to the Login Page.
However, we would like to have a Registration page, in case the user is not a registered user to which he can go from the login page. So, we provie a link called "Register" so that new users can register.
Since we have implemented Forms Authentication for the website, even the Register.aspx page would require logging in. To avoid the Registration page from falling under authentication, a little tweaking is required in the web.config file.
Excluding Registration, Forgot Password pages
In the web.config file where we declare the authentication mode=forms, the following set of tags need to be there
<allow users="*" />
This would make the Register.aspx page available to anonymous users.
Same way we can also provide for Forgot Password page, if any.
This article discussed on how we can exclude certain pages from being protected while implementing Forms Authentication.