Kindly use the following code. It may help.
Here "loginUrl" is the redirect url that will work only for those pages which need authentication. Onthe other hand the "defaultUrl" will allow the user to visit the normal pages. Here in my code the .aspx pages inside the admin folder of the root directory will be asked to login, if anyone requests any page in admin section.
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms timeout="30" loginUrl="login.aspx" defaultUrl="default.aspx" />
</authentication>
</system.web>
<location path="admin">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>