web.config problems

I would like to put all my "admin" pages such as user login, default (protected page, send password, change password in an admin folder off the root directory. But if I have use the following deny user line in my web.config (which I place inside the admin folder)any link I have on a page to another admin page always defaults back to the login.aspx. For example: on my login.aspx page users should be able to click on the text "forgot password" or "change password" and be directed to the corresponding sendpassword.aspx or changepass.aspx pages within the admin folder. But when the text is clicked on it just diverts back to the login.aspx page. What am I doing wrong? many thanks

Hi, I have created a change password page and think I got the Update function correct but don't know how to write the "Sub button_onclick, if page is valid portion". I would like to be able to do the following: If page is valid: hide the form and create a success message. I think it would be something like the following but I don't exactly know where to put it. frmpassword.Visible = False lblUserMessage.Text = "Your password has been changed to " & strnewpass & "." If page is not valid I would like to insert a failure message - something like "could not change password, please contact administrator" Below is the update function itself. I am very much a beginner so any specific help would be greatly appreciated. many thanks Function UpdatePass(ByVal username As String, ByVal userpass As String) As Integer Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\Inetpub\wwwr"& _ "oot\FAIBLogin\autores.mdb" Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString) Dim queryString As String = "UPDATE [authors] SET [userpass]='@newpass' WHERE (([authors].[username] = @usern"& _ "ame) AND ([authors].[userpass] = @userpass))" Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand dbCommand.CommandText = queryString dbCommand.Connection = dbConnection Dim dbParam_username As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter dbParam_username.ParameterName = "@username" dbParam_username.Value = username dbParam_username.DbType = System.Data.DbType.String dbCommand.Parameters.Add(dbParam_username) Dim dbParam_userpass As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter dbParam_userpass.ParameterName = "@userpass" dbParam_userpass.Value = userpass dbParam_userpass.DbType = System.Data.DbType.String dbCommand.Parameters.Add(dbParam_userpass) Dim rowsAffected As Integer = 0 dbConnection.Open Try rowsAffected = dbCommand.ExecuteNonQuery Finally dbConnection.Close End Try Return rowsAffected End Function

thanks for you reply. The only way this works is if I change "FormsAuthentication.RedirectFromLoginPage(UserName.Text, false)" to Response.Redirect("default.aspx") don't understand why

thanks for the tip but it doesn't work. I added "admin/default.aspx" in the documents tab of the IIS site and moved it to the top. It still looks for the default.aspx file in the root directory