another question about security. I have a config.web file whose content is
the following:

<authentication mode="cookie">
<cookie cookie=".ASPXAUTH" loginurl="login.aspx"
<credentials passwordformat="clear">
<user name="testname" password="testpwd"/>
<deny users="?" />

<add key "connstring" value="connction string here" />

When I try to access any aspx file in the folder, I'm redireted to the login
page. Now, under the same folder I have an aspx file that I don't want to
required any login, because it only process an HTML form, it does anything
critical (DB administration) that required the authorization. Most of the
files in the folder are supposed for the admin, and so require a login, but
2 files are ASPX files for any user.

So, the question is: can I specifyy that those 2 files don't require a
login? I tought I could put the Admin files in a subfolder and put the
config.web file only in that subfolder, but the problem is that config.web
also contains some AppSettings value that must be accessibile from any file,
also those files that don't require login. So, if I put the files in a
different dire they won't be able to read the appsettings, and I don't want
to replicate the AppSettings values is possibile?

Any solution/advice?

Thank you
- gianni