<?xml version="1.0" encoding="utf-8" ?> <configuration> <!-- application specific settings --> <appSettings> <add key="ConnectionString" value="server=localhost;Trusted_Connection=true;database=xxxxx" /> </appSettings> <!-- forms based authentication --> <system.web> <!-- enable Forms authentication --> <authentication mode="Forms"> <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" /> </authentication> <!-- enable custom errors for the application --> <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" /> <!-- disable session state for application --> <sessionState mode="Off" /> </system.web> <!-- set secure paths --> <location path="Checkout.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="OrderList.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> <location path="OrderDetails.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration>