I am using the Membership features in ASP.NET 2.0. I was wondering how I would implement a "Forgot your password" page when my application is configured to allow only authenticated users. Right now the only page that can be accessed is the login page. I want unauthenticated users to also be allowed to access the "Forgot your password" page. My web.config is as follows:

  <authentication mode="Forms">
   <forms loginUrl="~/Authentication/Login.aspx"/>
  </authentication>
  <authorization>
   <deny users="?" />
   <allow users="*" />
  </authorization>
+3  A: 

Add in a rule for your ForgotPassword.aspx page:

  <location path="ForgotPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
Dead account
Rather confusingly, this section sits at the same level as the system.web section.
Dead account
+1  A: 

Add the following to your web.config to allow unauthenticated users to access the password recovery page:

  <location path="RecoverPassword.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
Jakob Christensen
A: 

Why not set up your ~/Authentication/Login.aspx page to handle a forgotten password based on a GET request such as

http://[host]/Authentication/Login.aspx?recoverpw=true

That would keep your web.config simple and combine similar code in the same page.