ASP.NET login authentication

[nicholas]

Hi,

Got an asp.net application and I use the "forms" authentication mode defined
in the web.config file.

Everything works fine.
But now I would like to add a second, different login page for the users
that go in a specific folder.
How can I do this?

I tried this:

my root web.config contains:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
-----------------------------

But for the folder /members I want another login page, so I inserted this in
the web.config in the folder /members:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="/members/login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>

 

[Ken Dopierala Jr.]

Hi,

What I do is I use one login page but then I create <location> tags. These
tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>


<location path="Members/Registered">
<system.web>
<authorization>
<allow roles="Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Shared">
<system.web>
<authorization>
<allow roles="Administrator, Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

The top location tag allows only people in the Administrator role to access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both Administrators
and Registered users to view the Shared folder. I put my <location> tags
directly above my <system.web> tag and directly below my <configuration> tag
in the Web.config file. Doing it this way you only need to have 1 login per
user and then they can go wherever they are allowed to. Good luck! Ken.

 

[nicholas]

THX a lot for your reply.

Yes, indeed, I also use roles.
But I define those roles in a database, so you can add as much users and
roles as you want.

But I would like to have different login pages.
The look and feel of the admin-login-page is not the same as the look and
feel of the members-login-page.

There should be a way of doing this, but I allready searched around the net
and didn't found it.
Hope someone on this forum has an idea.

THX anyway,
Frédéric

____________________________________________________
---------------------------------------------------------------------
GIFTLIST
www.giftlist.be
Open your gift list in more than 100 shops in Belgium
Open Uw Geschenkenlijst in meer dan 100 winkels in België
Ouvrez votre liste de cadeau dans plus de 100 boutiques en Belgique

 

[Ken Dopierala Jr.]

Hi,

I don't think you can do what you are looking for in the Web.config file.
You can only have 1 login page per app. However there might be a work
around. In your login page use this:

FormsAuthentication.GetRedirectUrl

That will tell you what page your user is looking to get to. Check this in
the Page_Load event of your login page. By checking out the value of this
you may be able to determine the type of user based on where they want to
go. Then if this is a member instead of an admin use a Response.Redirect()
in the Page_Load to go to the members login page. Once there check if they
are authenticated. If they are, manually redirect them yourself to the
FormsAuthentication.GetRedirectUrl result. I don't know if this will work
but if it does let us know because then maybe I'll use that way in the
future too. Good luck! Ken.

 

[nicholas]

Good idea !
I'll try it out.

THX a lot,
Frédéric