Piut your login, register, and forgot password pages into a "login" folder, and set it's web.config to "allow all users":
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
Do remember that you should never store passwords in clear or encrypted - only as a salted hash, so your "forgot password" page should issue a temporary password to the registered email address, which lasts a short time only.