Login url after entering invalid credentials


Why is it when I am returned after entering invalid credentials, this long ugly url appears?

http://kingaccountingandtax.com/Login.aspx?ReturnUrl=%2fLogin.aspx%3fReturnUrl%3d%252flogin.aspx%26loginfailure%3d1&loginfailure=1

The user cannot log in without a clean url at the login page:

http://kingaccountingandtax.com/Login.aspx?

If I attempt to enter the correct login credentials at the long ugly url it fails every time to log me in. The long url is returned every time.

Your login attempt was not successful. Please try again.

This is really irritating. People don't understand that they have to get to a clean url to log in. Why am I having this problem?

When I attempt to login here as forums.asp.net with invalid credentials I get an error message in the login box and:

http://login.asp.net/login/signin.aspx?ReturnUrl=%2f%2fwww.asp.net%2f  

this appears in the browser window. Now on the 1st attempt to log back in at this url with the CORRECT credential, I get logged in. I don't need to get to a "clean url". So why is this the case? Why doesn't my login work like this website here?

Here's my complete web.config:

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
  <appSettings>
    <add key="Appname" value="Kingaccountingandtax.com"/>
    <add key="AppPath" value=""/>
  </appSettings>
  <connectionStrings>
    <add name="sqlConnectionString" connectionString="Connect Timeout=8; Initial Catalog=CPA; Data Source=SCOT-PC\SQLEXPRESS;integrated security=true;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.

            Visual Basic options:
            Set strict="true" to disallow all data type conversions where data loss can occur.
            Set explicit="true" to force declaration of all variables.
        -->
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
    </compilation>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
      <namespaces>
        <clear/>
        <add namespace="System"/>
        <add namespace="System.Collections"/>
        <add namespace="System.Collections.Generic"/>
        <add namespace="System.Collections.Specialized"/>
        <add namespace="System.Configuration"/>
        <add namespace="System.Text"/>
        <add namespace="System.Text.RegularExpressions"/>
        <add namespace="System.Linq"/>
        <add namespace="System.Xml.Linq"/>
        <add namespace="System.Web"/>
        <add namespace="System.Web.Caching"/>
        <add namespace="System.Web.SessionState"/>
        <add namespace="System.Web.Security"/>
        <add namespace="System.Web.Profile"/>
        <add namespace="System.Web.UI"/>
        <add namespace="System.Web.UI.WebControls"/>
        <add namespace="System.Web.UI.WebControls.WebParts"/>
        <add namespace="System.Web.UI.HtmlControls"/>
      </namespaces>
    </pages>
    <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
    
    <authentication mode="Forms">
      <forms name=".AUTHCOOKIE" path="/" loginUrl="~/login.aspx" timeout="60" defaultUrl="~/users/default.aspx" protection="All" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
      </forms>
    </authentication>
    <authorization>
      <allow users="*"/>
    </authorization>
    <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
  </system.web>
  <location path="admin">
    <system.web>
      <authorization>
        <allow users="admin"/>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
  <!--
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
</configuration>
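
Added example, not part of the original post: a Python sketch that unwraps the nested ReturnUrl values in the URL quoted above and reports, for each layer, whether the target is site-local and whether it points back at the login page. The function names and the local-path check are assumptions of this example; the URL and the loginUrl value are copied from the post.

```python
from urllib.parse import urlsplit, parse_qs

# URL copied from the post above.
FAILED_LOGIN_URL = (
    "http://kingaccountingandtax.com/Login.aspx?ReturnUrl=%2fLogin.aspx"
    "%3fReturnUrl%3d%252flogin.aspx%26loginfailure%3d1&loginfailure=1"
)
LOGIN_PATH = "/login.aspx"  # loginUrl="~/login.aspx" in the posted web.config


def return_url_chain(url, max_depth=10):
    """Follow ReturnUrl parameters inward; return each decoded layer."""
    chain = []
    current = url
    for _ in range(max_depth):
        query = parse_qs(urlsplit(current).query)
        # Match the parameter name without regard to case.
        values = [v for k, vs in query.items() if k.lower() == "returnurl" for v in vs]
        if not values:
            break
        current = values[0]  # parse_qs has already percent-decoded one layer
        chain.append(current)
    return chain


def is_local(target):
    """True for a site-relative path; rejects absolute and //host targets."""
    parts = urlsplit(target)
    return (not parts.scheme and not parts.netloc
            and target.startswith("/") and not target.startswith(("//", "/\\")))


def points_at_login(target, login_path=LOGIN_PATH):
    """True when the target's path is the login page, compared case-insensitively."""
    return urlsplit(target).path.lower() == login_path.lower()


def audit(url):
    """Summarise every ReturnUrl layer found in url."""
    return [
        {"depth": i, "target": t, "local": is_local(t), "login_loop": points_at_login(t)}
        for i, t in enumerate(return_url_chain(url), start=1)
    ]


if __name__ == "__main__":
    for row in audit(FAILED_LOGIN_URL):
        print(row)
```

For the URL in the post, the chain has two layers; both are site-local and both resolve to the login page itself.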