authorising specific users to view certain pages (Web Config)

[davidrobin]

In 2310B course material (Developing MS ASP.NET apps using VS) it says.

The following code allows the user "Mary" access to a page

Code:

<location path=setup.aspx>
    <authorization>
        <allow users="Mary" />
    </authorization>
</location>

The text then states
Note It is not advisable to authorize users individually, because this process may disclose sensitive information if the Web.config file is stoled. In addition, hard coding users in the Web.config file is not a flexible approach because you cannot modify this information programmatically at runtime. Hard coding users in the Web.config file is suitable for testing purposes only.

So, If we have a page we only want one user to see how do we set up permissions to allow them.