I have implemented forms authentication using the below mentioned code. My login URL is "Login.aspx". With these settings my site images do not get loaded on login.aspx.
However if I comment the authorization section the images are displayed.
<authentication mode="Forms">
<forms name="TBHFORMAUTH" defaultUrl="~/User/Default.aspx" loginUrl ="~/Login.aspx" cookieless="AutoDetect" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
Why this behaviour?
You can add a separate Web.config file to the Images folder that does not need user control. The Web.config file should only contain the following to give full access:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
Another approach is if all pages that are limited by usercontrol are located in a sub folder (i.e. Users), then you can give full access in the main Web.config. and have a separate Web.config in the Users folder containing:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>