ASP.NET Page Unauthorization for common pages

I am developing a web application which has form based authentication. All pages needs to be authenticated except AboutUs and ContactUs pages.

I configured everything correct except AboutUs and ContactUs pages. Since I am denying all users in authorization section, application is redirecting even if the customer browse AboutUs and ContactUs pages.

Configuration Rules

<authentication mode= "Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" timeout="20" protection="All" slidingExpiration="true" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

Could you please let me know how can 开发者_如何学GoI tell asp.net to remove these pages for authorization??

Thanks, Mahesh

---

Try this:

<system.web>
    <authentication mode="Forms" >
        <forms loginUrl="login.aspx" name=".ASPNETAUTH" 
                           protection="None" path="/" timeout="20" >
        </forms>
    </authentication>
<!-- This section denies access to all files in this application except for 
     those that you have not explicitly specified by using another setting. -->
    <authorization>
        <deny users="?" /> 
    </authorization>
</system.web>
<!-- This section gives the unauthenticated user access to the AboutUs.aspx page 
     only. It is located in the same folder as this configuration file. -->
<location path="AboutUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>
<!-- This section gives the unauthenticated user access to the ContactUs.aspx 
     page only. It is located in the same folder as this configuration file. -->
<location path="ContactUs.aspx">
    <system.web>
        <authorization>
             <allow users ="*" />
        </authorization>
    </system.web>
</location>