Forms authentication - Multiple login forms based on directory acc

Discussion in 'ASP .Net Security' started by Keltex, Jan 24, 2006.

  1. Keltex

    Keltex Guest

    I want to use ASP.NET 2.0 forms authentication for my new website. I have two
    different distinct types of user roles... "member" and "admin" each should
    have access to the /member and /admin directories respectively.

    I can make all that work, but the main question I have is with forms
    authentication it seems that you can only have ONE default login form for the
    entire application. (loginUrl="~/member/Login.aspx") What I would like is to
    be able to redirect the user to a different login form based on which area
    they are trying to access. For example if a user goes here
    /member/default.aspx and is not authenticated, they would be sent to
    /member/login.aspx. Likewise, if they are not authenticated and try to access
    /admin/default.aspx, they are sent to the login form at /member/login.aspx.

    I assume I need to handle via the AuthenticateRequest or
    PostAuthenticateRequest application events, but I have no idea where to
    start...

    Any ideas?

    - BK
    Keltex, Jan 24, 2006
    #1
    1. Advertising

  2. Hi,

    this is not possible. You can however detect in your login page from which
    area the user is getting forced to login - inspect the ReturnUrl query string.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I want to use ASP.NET 2.0 forms authentication for my new website. I
    > have two different distinct types of user roles... "member" and
    > "admin" each should have access to the /member and /admin directories
    > respectively.
    >
    > I can make all that work, but the main question I have is with forms
    > authentication it seems that you can only have ONE default login form
    > for the entire application. (loginUrl="~/member/Login.aspx") What I
    > would like is to be able to redirect the user to a different login
    > form based on which area they are trying to access. For example if a
    > user goes here /member/default.aspx and is not authenticated, they
    > would be sent to /member/login.aspx. Likewise, if they are not
    > authenticated and try to access /admin/default.aspx, they are sent to
    > the login form at /member/login.aspx.
    >
    > I assume I need to handle via the AuthenticateRequest or
    > PostAuthenticateRequest application events, but I have no idea where
    > to start...
    >
    > Any ideas?
    >
    > - BK
    >
    Dominick Baier [DevelopMentor], Jan 24, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jéjé
    Replies:
    1
    Views:
    453
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN
    Oct 20, 2005
  2. Pascal Blanchard
    Replies:
    0
    Views:
    245
    Pascal Blanchard
    Aug 17, 2004
  3. Pascal Blanchard
    Replies:
    1
    Views:
    278
    Pascal Blanchard
    Aug 18, 2004
  4. Jéjé
    Replies:
    1
    Views:
    124
    Cowboy (Gregory A. Beamer) - MVP
    Oct 20, 2005
  5. Kyle Peterson
    Replies:
    13
    Views:
    277
    Kyle Peterson
    Dec 30, 2006
Loading...

Share This Page