How to disable security for an Action in ASP.NET MVC?

My requirement is that only the login page and the Register page should be accessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008.

After that I have enabled security adding this section to the web config:

<authorization> <deny users="?" /> </authorization>

Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action?



You will want to use the Authorize attribute on your controller actions to restrict access at the Controller or Action level:



I would recommend you using the [Authorize] attribute to control which actions/controllers require authentication instead of using web.config. This way your authorization rules are less vulnerable to errors if you decide to modify your routes.


In context of ASP.NET MVC 4: you can enable authorization with the Authorize attribute on your controller classes, then disable for specific actions with the AllowAnonymous attribute.


  • Payum Bundle : How to change the view of capture action in symfony2
  • How to fetch the file list from gcs?
  • Error when trying to send an email using Gmail API in Java
  • How to get google-services.json from Developer console?
  • How to check disabled jobs with Jenkins server?
  • How to protect an asp:textbox from user input?
  • Uber API - requests endpoint cannot read read json
  • Aptana 3 remove bundle (jquery)
  • HttpListener.IsSupported is false on XP SP3
  • How do I retrieve the user information of a user authenticated with Apache's mod_ldap?
  • Enabling DTD support in Sql Server
  • Uncaught TypeError: $(…).select2 is not a function
  • How do I include a SWC in an AS2 Flash project?
  • GAE: Way to get reference to an HttpSession from its ID?
  • How to add a focus style to an editable ComboBox in WPF
  • Does Mobilefirst provide a provision to access web services directly?
  • How do I superscript characters in a UIButton?
  • Reading JSON from a file using C++ REST SDK (Casablanca)
  • FB SDK and cURL: Unknown SSL protocol error in connection to graph.facebook.com:443
  • Is my CUDA kernel really runs on device or is being mistekenly executed by host in emulation?
  • Different response to non-authenticated users and AJAX calls
  • jQuery show() function is not executed in Safari if submit handler returns true
  • Can Jackson SerializationFeature be overridden per field or class?
  • How to get a value (ex: baseURL) in every Karate feature?
  • How to recover from a Spring Social ExpiredAuthorizationException
  • javascript inside java/jsp code
  • WinForms: two way TextBox problem
  • SSO with signing and signature validation doesn't work
  • Invalid access key error using credentials redeemed from an amazon open id token
  • Circular dependency while pushing http interceptor
  • Is there a mandatory requirement to switch app.yaml?
  • How to disable jQuery.jplayer autoplay?
  • InvalidAuthenticityToken between subdomains when logging in with Rails app
  • Revoking OAuth Access Token Results in 404 Not Found
  • File not found error Google Drive API
  • IndexOutOfRangeException on multidimensional array despite using GetLength check
  • costura.fody for a dll that references another dll
  • Observable and ngFor in Angular 2
  • UserPrincipal.Current returns apppool on IIS
  • java string with new operator and a literal