In my development environment everything works as I expect. I can access all the pages and as soon as I get to a secured page I check the Request.IsAuthenticated and redirect to the login page if needed. The problems starts when I deploy the project under IIS7. When I access the site I'm being redirected to the login page (as defined in the web.config) although it suppose to be a public page... If I disable the Form Authentication in the admin console Request.IsAuthenticated always return true. So
How can I make IIS behaves like my ASP.NET development server?
p.s. I'm working with asp.net MVC
Probably you have authorization section in your web.config and it denies all requests for unauthenticated users. Check this article for some details about authorization section. And it will be better to allow access for unauthenticated users evidently by adding
<allow users="*" />
Probably there are some specific IIS authorization rules (IIS 7 introduces a new authorization mechanism). I recommend you to check all rules that are defined for application using IIS management tool (this article explains how to check them). And probably it'll be interesting and useful for you to check changes between IIS 6 and IIS 7 and IIS 7 url authorization feature in details.
Also I checked it on my box (windows 7). I created a simple asp.net mvc application and deployed it to IIS (version 7.5). And all was working as expected. Probably there are some restrictions on your server that are placed in the root config (a config in a root folder) or in machine.config.