<?xml version="1.0"?>
<configuration>
	<connectionStrings>
    <!--
    This connection is inherited from the ASP.NET Quickstart Web.config file
    Uncomment this section to edit the sample locally

    <add name="ASPNETDB" connectionString="Server=(local)\SQLExpress;Integrated Security=SSPI;Database=aspnetdb"/>

    -->
	</connectionStrings>
	
	<system.web>		
		<authentication mode="Forms">
			<forms	name=".ASPXAUTH" 
					loginUrl="Login.aspx" 
					protection="All" 
					timeout="30" 
					path="/"
					requireSSL="false" 
					slidingExpiration="true" 
					defaultUrl="Login.aspx" 
					cookieless="UseCookies" 
					enableCrossAppRedirects="false"/>
		</authentication>
		
		<membership defaultProvider="QuickStartMembershipSqlProvider" userIsOnlineTimeWindow="15">
			<providers>
				<add
					name="QuickStartMembershipSqlProvider"
					type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
					connectionStringName="ASPNETDB" 
					enablePasswordRetrieval="false" 
					enablePasswordReset="true" 
					requiresQuestionAndAnswer="true" 
					applicationName="SecurityQuickStart" 
					requiresUniqueEmail="true" 
					passwordFormat="Hashed"/>
			</providers>
		</membership>
		
		<roleManager 
					enabled="true" 
					cacheRolesInCookie="true" 
					defaultProvider="QuickStartRoleManagerSqlProvider" 
					cookieName=".ASPXROLES" 
					cookiePath="/"
					cookieTimeout="30" 
					cookieRequireSSL="false" 
					cookieSlidingExpiration="true" 
					createPersistentCookie="false" 
					cookieProtection="All">
			<providers>
				<add name="QuickStartRoleManagerSqlProvider" 
					type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
					connectionStringName="ASPNETDB" 
					applicationName="SecurityQuickStart"/>
			</providers>
		</roleManager>
		
		
		<pages theme="Default"/>
		<authorization>
			<allow users="*"/>
		</authorization>
	</system.web>

	<location path="secured">
		<system.web>
			<authorization>
				<deny users="?"/>
				<allow users="*"/>
			</authorization>
		</system.web>
	</location>
	
	<location path="administrators_role">
		<system.web>
			<authorization>
				<allow roles="Administrators" />
				<deny users="*"/>
			</authorization>
		</system.web>
	</location>
</configuration>
