Excluding an action from authorization in ASP.NET MVC 2

I am using forms authentication in my ASP.NET MVC application. I want to the signup page from the authorization process. I know I can add a location tag in my main web.config file or create a new web.config inside the specific folder. But I just to exclude one specific action in the User controller. How do I do 开发者_Python百科it?

Do not use Web.config <location> authorization in an MVC application. Doing so will lead to security vulnerabilities in your web site.

Instead, use the [Authorize] attribute to control who has access to certain controllers or actions. (You can use the [Authorize] attribute on a controller's type if you want it to apply to all actions in that controller.)

More information:

• http://www.asp.net/mvc/tutorials/authenticating-users-with-forms-authentication-cs
• http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

Try this slick way to do it.

It adds the ability to exclude Controller-level filters from an action.

[ExcludeFilter(typeof(AuthorizeAttribute)]  
public ActionMethod DontAuthorize.....

Much easier!

You could also have created your own AllowWithoutAuthorisation attribute and decorated that ActionResult with it.

EDIT This is kinda untested but couldn't you do;

[Authorize(Users="*")]

EDIT 2

Or you could decorate each ActionResult with [Authorise] and ommit the one you want not to have authorised.

OK, I have got it.

What I did is, I created a separate controller for that action and added a location element in my web.config to allow anonymous access to that action.

This will allow all access to that controller without authentication.

Adding the [AllowAnonymous] attribute to the method (as recommended by Jeremy) worked for me as well.