Web.config: Wildcards in location and authorization

I don't believe you can place relative paths in the root web.config, but that isn't a concern. You can use the support of nested Web.Config files to your advantage.

You can place a web.config file similar to this in any of your sub directories (adjusting to suit the needs of that specific directory) and you'll get the support you seek. It is also a lot easier to maintain as the settings are closer to the code files they control.

<?xml version="1.0"?><configuration>    <system.web>      <authorization>        <deny users="*"/>      </authorization>    </system.web></configuration>

The overall configuration for authentication types, roles, etc. would be done in the web.config in your applications root directory. As a result, you can't set a separate login page per directory from this method, but you could have a login page that automatically handled a redirect when needed (by analyzing the ReturnURL QueryString value).

Looking at this post, you might be able to change the extension of your login page and do something like the following:

<system.webServer>  <security>    <requestFiltering>      <fileExtensions>        <add fileExtension=".login" allowed="true" />      </fileExtensions>    </requestFiltering>  </security></system.webServer>

I have not tried this, but it is perhaps something to attempt.