I have been attempting to follow this blog to get Areas working:
http://mstechkb.blogspot.com/2010/10/areas-in-aspnet-mvc-20.html
In the blog post, it identifies the ability to have authentication set per Area, e.g.:
<location path="Area1">
<system.web>
<authentication mode="Windows" />
<authorization>
<allow roles="role1,role2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
However, when I try to create this in a new project in Visual Studio 2010 I get the following error when I run:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
From what I can see this is because you cannot specify an authentication element unless it is in the top level web.config.
So it is possible to do what the blog post says? Can you have Areas with Authentication elements inside Location elements in the web.config?
What I have learnt about ASP.NET MVC, it's always better to set the authorization rules with [Authorization] attribute applied to individual controllers, because it is safer and more adequate considering the way routing system works.
来源:https://stackoverflow.com/questions/8176703/asp-net-mvc-3-areas-and-multiple-authentication-in-web-config