The web.config file in the root of your application can be used to determine the location of the login page - i.e. the page users are redirected to if they try to access a secured page. By default users are redirected to login.aspx in the root of the application. There is usually no need to change this.
If you do need to change the location of the login page:
<authentication mode="Forms" />
<authentication mode="Forms"> <forms loginUrl="ValidateUser.aspx"> </forms> </authentication>
authenticationelement is no longer self closing.