My ASP.NET MVC site requires forms-based authentication for some resources (downloads, discussion forum, etc). This works great with the [Authorize] attribute.
However, I need my admin site (`~/Areas/Admin/*) to authenticate against active directory.
With regular ASP.NET or classic ASP, I would just go into the IIS config and change the directory security to deny anonymous users. However, I can't figure out a way to do that with an area.
I know putting the [authorize] attribute on the controllers in my admin area would require a login, but it'll use the same forms-based authorization as the public areas of the site. Right now that authenticates users against a database (not using the ASP.NET Membership system as it's overkill for my app). I need users to authenticate against the domain, but ONLY in the Admin area.
Ideas?