I understand there are 2 ways of excluding pages from forms auth. Either by using another web.config file in the folder that has pages that need to be excluded or by using the location element
<location path="ExcludePage1.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I have 20 pages scattered all around the web app, so I cannot create a separate web.config. However, due to the number of pages that need to be excluded, I would rather not want to add the location section for each of these pages.
Is there another option?
Unfortunately no. You can only specify one path per location element.
This is mainly due to the complexity of .config file inheritance (multiple possible web.configs and machine.config).