The entire Movies CMS site is configured by a single web.config file. See below for the contents of the configuration file.

The authentication section (highlighted in bold) specifies that the web site should be authenticated using ASP.NET Forms authentication, and that the login url for the authentication process is located at Auth/login.aspx.

All users are allowed to use the website, as seen in the authorization section.

The appSettings section specifies the connection string for the application. As can be seen below, the connection string allows a pool of 50 connections, with a timeout of 60 seconds. It also specifies that the Administrator of the website is the user yyyyy.

Finally, the location section provides 2 security overrides, specifying that access to the /Audit and /Admin directory are only allowed to authenticated users only.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
 <system.web>
    <compilation defaultLanguage="c#" debug="true" />
    <customErrors mode="Off" /> 
    <authentication mode="Forms">
      <forms loginUrl="Auth/login.aspx" />
    </authentication
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
    </authorization
 </system.web>
 
     <appSettings>
        <add key="ConnectionString" value="Min Pool Size=1;Max Pool Size=50;Connection Timeout=60;" />
        <add key="Administrator" value="yyyyy" />
    </appSettings>

<location path="Admin">
    <system.web>
      <authorization>
        <deny users="?" /> <!-- Deny anonymous users -->
      </authorization>
    </system.web>
  </location>
<location path="Audit">
    <system.web>
      <authorization>
        <deny users="?" />  <!-- Deny anonymous users -->
      </authorization>
    </system.web>
</location>

</configuration>