I created a new MVC Web Application (not the empty one -- the one with the Account controller stuff).
I created a new folder under Views and placed a new View in it.
I created a Controller for the Folder.
I created a web.config in the Folder and used this content:
<deny users="?" />
When I run the app, I can visit my new View even though I'm an anonymous user.
What gives? Do the web.config authorization rules not apply to MVC? Do I have to do something to the Controller or to the web.config or to the root web.config?
Help is appreciated.
View Complete Post