Default Login Page
Wait a minute, how does ASP.NET know that it should load the Login.aspx page to authenticate the user when the Checkout button is clicked, rather than the other pages?
Well, in ASP.NET 2.0, a page with the filename Login.aspx is deemed to be the login page when users try to access restricted folders (Members, in this case). This special name Login.aspx (plus many others) is "burned" into ASP.NET as a default.
The machine.config.default file (located in C:\WINDOWS\Microsoft.NET\Framework\<version>\CONFIG) contains all the default system-wide configuration settings. To see the default settings defined in machine.config.default, check the machine.config.comments file (also in the same directory) for details.
For example, the default settings for Forms authentication found in machine.config.comments are:
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false" >
If you want to override the default settings, you should modify machine.config (for machine-wide configuration) or Web.config (for application-wide configuration). The rationale for splitting the original machine.config file into three different files is to reduce the size of machine.config and hence improve performance.