MVC3 Multiple Areas Different Authentication Methods

Question

I have the following structure for my web application:

In my root web config, not in the Areas/Admin/Web.Config I have the following:

  <location path="Areas/Admin">
    <system.web>
      <authentication mode="Windows"></authentication>
      <authorization>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

I have my own authentication working on the main root of the web site no problems by using the [Authorize] tag.

Now for the Areas/Admin I'd like to use Windows Authentication.

In IIS (Server 2008 R2 Machine), I have the Admin folder configured as an application:

And when I click on Areas/Admin in IIS, under Authentication, I have Anonymous disabled, and Windows Authentication Enabled.

However, when I attempt to access this folder via the web site, it does not prompt me for my domain username/password. It just loads up the page.

If I go to www.website.com/Areas/Admin, it then prompts me for the username/password. But I need it to use the AreaRegistration, and have it prompt when I go to www.website.com/Admin.

I've been able to configure an entire site as Windows Authentication, and that works like a charm.

Any thought to lead me in the right direction? Or, if you need more information, please leave me a comment and I will be more than happy to give you what I can.

Answer 1

From doing research, I found that the only way to make this work, is to create a 2nd "admin" site which runs as an application under the main site. Doing so, allowed me to setup permissions on that site.