Non physical location authorization in IIS6

Question

I'm running an Asp.NET MVC 2 app under IIS 6. All pages are behind Windows Integrated Authentication except for some pages that accepts anonymous access.
We setup these pages in the web.config with the location element like this

<location path="MyPath/ToThePage">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Since this is an Asp.NET MVC app, the path indicated in the path attribute points to an action method not a physical location.
When this was running under IIS 7 integrated mode it was working fine. But when we switched to IIS 6 we get the login prompt even with the pages that are set to accept anonymous users.

How to make IIS 6 authorize anonymous access to non physical paths ?

Answer 1

If you are using a MembershipProvider you could simply use ActionFilter-tags for realizing your access-restrictions:

<Authorize()> _
Function NotAllowedSuccess() As ActionResult
    Return View(Base)
End Function

Would result in a restricted path... more infos:

• http://msdn.microsoft.com/de-de/library/sy​stem.web.mvc.authorizeattribute.a​spx (currently the website is offline... but maybe it's working later)
• Blog entry about customization