Thanks for that. I now have a web.config that works:
<?xml version="1.0" encoding="UTF-8" ?>
<forms name=".ASPXAUTH" loginUrl="admin/login.aspx" />
<allow users="?" />
<deny users="?" />
I assume with this setup you can only have one login page? i.e. you may have a folder called
poweruser that is restricted to power users and admin - I assume to do this you use roles?