I have two ASP.NET pages: site.com/foo/bar.aspx that should be world accessible and site.com/foo/baz.aspx that I want to password protect. I want any un-authenticated users to see a username/password page and then, once they pass that, I want them to see the real thing. I’m looking for the simplest possible solution (this looked good till it stated asking me to move things), even at the cost of flexibility.

What I’d love to see would be a control that does nothing if the user is authenticated and replaces “all” other controls with a login prompt if they aren’t.

I’m currently the only user who will have an account so I can go with a hard coded password list for now (and I’m more or less stuck with that as I wouldn’t have anywhere else to put it).

Using Greg’s answer I was able to make individual pages password protected. Using Joel Coehoorn’s Link I set it up to do Forms Authentication. From this page I’m using a custom Login logic that looks like this:

    Login1.Authenticate += new AuthenticateEventHandler(Login1_Authenticate);

    ...

    void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        e.Authenticated = (Login1.UserName == "user" && 
                           Login1.Password == "password");
    }

All of that put together seems to work fine. 🙂