ASP.NET MVC Forms authentication and unauthenticated controller actions

Question

I have a ASP.NET MVC site that is locked down using Forms Authentication. The web.config has

Answer 1

Instead of securing all resources on your website by default and then looking for a way to provide anonymous access for individual resources, you're probably better off taking the opposite approach. Don't specify authorization rules in your web.config, then use Authorization filters (see Mickel's answer) to secure individual controllers and/or actions.