How to lock down paths in ASP.NET MVC?
Take a look at Securing your ASP.NET MVC 4 App and the new AllowAnonymous Attribute. You cannot use routing or web.config files to secure your MVC application (Any Version). The only supported way to secure your MVC application is to apply the Authorize attribute… Quote MVC uses routes and does not map URLs to physical … Read more