I have a page that needs to be secured. I add [Authorize] attribute to that action method. if you are not logged in, you will be redirect to the login page everytime you visit that secure page.

it works except I rename logon action to login , but applicaiton still redirects user to logon action. its no long there, I rename it, how do I fix it?

In your Web.config file change the forms loginUrl.

<authentication mode="Forms">
  <forms loginUrl="~/Controller/Action" />
</authentication>

You need to set the loginUrl in the <forms /> element in Web.config.