Authorize attribute vs authorization node in web.config

Question

I know I can restrict the access to an ASP.NET MVC 3 application using the authorization tag in web.config

Answer 1

I know I can restrict the access to an ASP.NET MVC 3 application using the authorization tag in web.config

No, don't use this in ASP.NET MVC.

The question is: are they alternative and equivalent approaches?

No, they are not alternative. You should not use the <authorization> tag in web.config in an ASP.NET MVC application because it is based on paths, whereas MVC works with controller actions and routes. The correct way to do authorization in ASP.NET MVC is using the [Authorize] attribute.