My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008.
After that I have enabled security adding this section to the web config:
<authorization> <deny users="?" /> </authorization>
Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action?
You will want to use the
Authorize attribute on your controller actions to restrict access at the Controller or Action level:
I would recommend you using the
[Authorize] attribute to control which actions/controllers require authentication instead of using
web.config. This way your authorization rules are less vulnerable to errors if you decide to modify your routes.