I have two portions of a website I am working on: one that uses normal forms authentication and another that uses an HMAC-based authentication. The forms based one works just as normal (except using a custom membership provider).
The most frustrating thing is that by default, if one decides to use the forms authentication it redirects all 401 responses to the loginUrl specified in the root Web.config under the authentication tag. In an effort to turn this off for the HMAC portion of my site I have created a separate area that those controllers live in. However, no matter where I put a <authentication mode="None"></authentication>
tag (whether it be in the area/views Web.config, a Web.config I have placed in the area folder, or under a location tag in the root Web.config (doing that actually causes an error about that tag not belonging there)) I cannot seem to make this thing stop redirecting all 401s to the loginUrl.
Any assistance would be greatly appreciated as this is making me tear my hair out.
By the way, this question has been asked different ways at least 2 times with no (viable) responses. While mine focuses on setting the authentication mode to None,theirs generally focused on changing roles for paths (which in my opinion is easier to do with the [Authorize(Roles="role1,role2,role3")]
attribute on each method) which makes my question a little different. If this is impossible, please also tell me so that I can figure out a better way to do this.