I have a log in page which is the home page so is located at http://www.domainname.com

when someone goes to this page it adds a returnurl to the string so they are at:

http://www.domainname.com/default.aspx?ReturnUrl=%2f so when they log in they get returned to http://www.domainname.com/, which is the login page again, so to access the site they have to login twice.

Does anyone know how to fix this? I think a fix to this would be to allow everyone access to the home page – http://www.domainname.com/ as well as http://www.domainname.com/default.aspx but i’m not sure how to acheive this.

I want all user roles to be denied access to every page apart from the home page before they login, i also have an admin/cms section that only Admin roles can access but everyone can access the cms login page.

I currently have this in my web.config

        <authentication mode="Forms">
        <forms protection="All" loginUrl="default.aspx" defaultUrl="~/home/" />
    </authentication>
    <authorization>
        <allow roles="Admin, User"/>
        <deny users="?" />
    </authorization>

    <location path="default.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

<location path="cms/default.aspx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

<location path="cms">
    <system.web>
        <authorization>
            <allow roles="Admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>