Secure or a Security Hole, hardening your Area

What’s the best way to secure a MVC area from anonymous users? A customer on the MVC Forum asked this question. Several of the responses where horrifyingly wrong. The first suggestion was the traditional ASP.NET WebForms approach, add a web.config to the folder you want to restrict. MVC uses routes and does not map URLs to physical file locations like WebForms, PHP and traditional web servers.