I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by user such as their roles is administrator and Guest.
<location path="SignUp.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="Login.aspx" timeout="60"
defaultUrl="Index.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<authorization>
<allow users="?"/>
<deny users="*"/>
</authorization>
Can't actually validate it now but it should do the trick. The explicit denial of all other users should allow only unauthenticated users allow the page.