Redirect user to Mulitple Login Pages using ASP.NET Membership

Question

Redirect user to Login Page dependent on the Folder they are in. I have a web application with the root directory which is used by all users and the admin site.

For people that would require the authenticated functionality of the site, they would require to login and be redirected to root/login.aspx. However, when an Admin needs to login to the root/admin/ section of the site, I want them to be redirected to the login form on root/admin/login.aspx

  <configuration>
      <appSettings/>
      <connectionStrings/>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </configuration>

I have this file in the root/admin directory. I have tried adding the following line but it is giving an error.

  <authentication>
    <forms defaultUrl="default.aspx" loginUrl="default.aspx"></forms>
  </authentication>

Basically I am trying to overwrite the defaulturl and loginurl that exists in the main app.

Answer 1

You need to use the <location> element in your web.config. You can use the <location> tag to apply authorization settings to an individual file or directory.

<location path="/root">
  <system.web>
      <authentication mode="Forms" >
        <forms name="LoginForm" defaultUrl="default.aspx" 
        loginUrl="/root/login.aspx" protection="Encryption" 
        timeout="30" path="/"/>
      </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
<location path="/root/admin">
  <system.web>
    <authentication mode="Forms" >
      <forms name="formName" defaultUrl="login.aspx" 
      loginUrl="/root/admin/login.aspx" protection="Encryption"
      timeout="30" path="/"/>
    </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>

MSDN

For centralized administration, settings can be applied in the Machine.config file. The settings in the Machine.config file define machine-wide policy and can also be used to apply application-specific configuration using <location> elements. Developers can provide application-configuration files to override aspects of machine policy. For ASP.NET Web applications, a Web.config file is located in the application's virtual root directory and optionally in subdirectories beneath the virtual root.

If you would like 1 login location and different access levels you might want to use roles.

<location path="/root">
  <system.web>
    <authorization>
       <allow roles="admin,root" />/*admin, root is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>  

<location path="/root/admin">
  <system.web>
    <authorization>
       <allow roles="admin" />/*admin is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>

Users can belong to more than one role. For example, if your site is a discussion forum, some users might be in the role of both Members and Moderators. You might define each role to have different privileges on the site, and a user who is in both roles would then have both sets of privileges.

You can access all these element at the code level if you would like to manipulate the roles/authentication programmatically

Page.User.Identity.Name
Page.User.Identity.IsAuthenticated
Page.User.Identity.AuthenticationType
Page.User.IsInRole("string");

Tutorials

4 Guys From Rolla Tutorial

The ASP.NET web.config File Demystified