<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <!-- application specific settings -->
    <appSettings>
        <add key="ConnectionString" value="server=localhost;uid=sa;pwd=;database=store" />
    </appSettings>
    <!-- forms based authentication -->
    <system.web>
        <!-- enable Forms authentication -->
        <authentication mode="Forms">
            <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
        </authentication>
        <!-- enable custom errors for the application -->
        <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
        <!-- disable session state for application -->
        <sessionState mode="Off" />
    </system.web>
    <!-- set secure paths -->
    <location path="Checkout.aspx">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
    <location path="OrderList.aspx">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
    <location path="OrderDetails.aspx">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
</configuration>