Like the title states - I have a web.config file that looks like, <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/"> <credentials passwordFormat="Clear"> <user name="admin" password="password" /> </credentials> </forms> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> I want to do exactly what it says it should do... I want to deny all users who try to enter the site. It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of... Is there a place I can change this?