How to disable security for an Action in ASP.NET MVC?

My requirement is that only the login page and the Register page should be a开发者_如何学运维ccessible from anonymous users. I have created a new ASP.NET MVC project using the default template in VS2008.

After that I have enabled security adding this section to the web config:

    <authorization>
        <deny users="?" />
    </authorization>

Now the Register Action is not accessible anymore because of the security enabled. How I can do to disable security only for that Action?

Thanks

I would recommend you using the [Authorize] attribute to control which actions/controllers require authentication instead of using web.config. This way your authorization rules are less vulnerable to errors if you decide to modify your routes.

You will want to use the Authorize attribute on your controller actions to restrict access at the Controller or Action level:

http://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute.aspx

In context of ASP.NET MVC 4: you can enable authorization with the Authorize attribute on your controller classes, then disable for specific actions with the AllowAnonymous attribute.