We have an application that is currently required to be accessed using two authentication schemes, Forms Auth and Active Directory or NTLM / Windows Auth.
The way the application is now, there are two IIS sites pointing to different folders with the same set of files, everything identical except the web.config.
Before anyone flames me this was an inherited application, but nevertheless one I am now responsible for. We have an opportunity to do some refactoring and I'm trying to figure out the best way to proceed.
Let's say the requirements for straight NTLM authentication for the application stands. You have to be able to access the app with an integrated AD prompt, allowing the employees on the internal network to access the site without manually logging in at all.
Now suppose the same application also needs to be accessible from users outside the organization as well. Using forms authentication and the Membership provider. What's the least horrible way to configure this application?
Is there any possible way to configure IIS to use a file named something other then web.config for it's config file? That could nip this in the bud right there.
In source control I'm thinking the way to go is to have all the source files in one project, a 'shared' project, and use build time events to copy themselves into the two consuming web projects on build of either of the consuming projects. Then we can continue to deploy the application in two different folders but at least in source control the common source files will exist in only one place. The downside of this is we would lose dynamic compilation, which really sucks. But better that then a ton of duplication.
I did some experimentation with routing but it seems as if you can't route to a file outside of the application's root, which would need to be different to define the different authentication schemes, so I don't think that would work.
Any thoughts, feedback or ideas are greatly appreciated,
bd