MSDN[
^]
Mixed Authentication[
^]
Check these links.
I have used the same in one of my project. I have set the default url to a separate area Admin. And in IIS I have set the Admin Area folder as Windows Authentication, but the root folder will have Anonymous authentication. When the deault url hits that is the Admin area, then it asks for windows authentication, else if not valid then goes back to forms authentication in which you can use Authorize attribute by customizing it.
i hope you understand. Follow the links they will also help you out.
Post back your queries if any.
thanks.