Look at your configuration again. You've told it that every URL in your application
except Index.aspx
,
Contactus.aspx
,
Blogdetails.aspx
,
Blog.aspx
and
Aboutus.aspx
requires authentication.
When you request the root of your application, the URL does not contain any of those pages, so the request requires authentication.
Change the configuration around, and deny anonymous access to the pages and folders you want to protect.
<system.web>
<machineKey ... />
<pages validateRequest="false" />
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Admin/Login.aspx" protection="All" timeout="120" defaultUrl="~/Admin/Default.aspx" />
</authentication>
</system.web>
<location path="admin">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
For folders, you could also create a
web.config
file within the folder with the authorization rules, without using the location element:
<configuration>
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</configuration>
NB: You should
never post your
<machineKey>
details to a public forum. Those are private encryption keys, which would allow anyone to hack into your site. You should change those keys ASAP!