Use Anonymous authentication in MVC4 on single controller when the whole application uses Windows Authenticaion


Add this to your Web.config. Here, my controller is named “WebhookController”.

<location path="Webhook">
      <allow users="*"/>

See this KB article for more info.

Edit – As Erik mentioned below, in MVC applications you should not use web.config <authorization> tags for security. Instead, use [Authorize] attributes. Doing so will allow your [AllowAnonymous] attributes to work correctly. You can read more about this here.


Additionally, configure IIS settings as follows:

Anonymous – Enabled
ASP.NET Impersonation – Disabled
Basic Authentication – Disabled
Digest Authentication – Disabled
Forms Authentication – Disabled
Windows Authentication – Enabled – HTTP 401 Challange



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s