do as below, it will deny anonymous users access to the site
<configuration>
<system.web>
<forms defaulturl="Default.aspx" protection="All" cookieless="UseCookies" name="webaite1" loginurl="~/login.aspx" path="/"></forms>
<authorization>
<deny users="?" />
</authorization>
<compilation debug="false" strict="false" explicit="true" targetframework="4.0" />
</system.web>
</configuration>