Hi,

Is it possible to use different authentication modes in the same 
application.

i.e. A site that contains a shopping cart might want it's initial home 
page and contact us page to require no validation but it's shopping cart 
checkout pages might require forms authentication.

If I enable forms authentication this means that all aspx files will 
require a forms login before they can be accessed.

I do not want to make the home page .htm or .html as it must carry out 
other asp.net functionality.

Is the correct solution to allow anonymous access in the root directory 
and then place all pages requiring authentication in a sub folder with 
it's own web.config file that requires forms authentication?

If this works will application and session variables be carried through 
from non-authenticated pages to authenticated pages and vice-versa?

thanks,

Nick