I'm trying to create an anonymous controller in order to acheive form authentication. I configured my IIS 7 with anonymous and form authentication enabled and set my web.config to deny anonymous users. On the login controller I put the [AllowAnonymous] decoration on my controller (and my actions).
The only action I can get on this set of configuration is the login action (which returns the "login" view), and I'm guessing that the MVC allows me to get this action because I set it as the login URL on my web.config.
Here is my web config configuration:
<authentication mode="Forms">
<forms loginUrl="~/Login/Login" timeout="2880" />
All the other actions are redirected to the login action. On this set of configuration I can't achieve other important actions like restore password, register, etc.
What am I doing wrong?
Use global authentification filter with custom behaviour instead of authorization configuration in web.config (best for MVC)
add global filter
public class FilterConfig
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
filters.Add(new AuthorizeAttribute());
Then, [AllowAnonymous] will works, and all other controllers and actions requires Authorization.