You don't need to manage authentication in your web.config for MVC. Trying using the [Authorize]
attribute on your Controller classes and methods:
[Authorize] // everything here requires auth
public class AdminController()
{
public ActionResult Dashboard() { ... }
}
public class ReportController()
{
[Authorize] // only this method requires auth
public ActionResult SecretReport() { ... }
public View PublicReport() { ... }
}
// everything here is accessible
public class HomeController()
{
public ActionResult Index() { ... }
public ActionResult AboutUs() { ... }
public ActionResult ContactUs() { ... }
}
In ASP.NET MVC you can use [AllowAnonymous]
which allows you to do exactly that on a specific method