Multiple signin pages in one asp.net application

Question

• I have one asp.net web application.
• It is using two membership provider.
• Two sign-in pages one for each provider.
• Now i have two folders in root Folder1 & Folder2
• Folder1 uses 1st membership provider
• Folder2 uses 2nd membership provider

I got almost everything working including signin, create user etc in both provider. Only issue is in Form authentication i can define only one loginpath. So when session expires or need login to access secure pages. it can only redirct to one sign in page.

Also that section can't be defined by location. by application only.

How can i get folder2 to use 2nd sign in page?

• if there is anything i can define by location?

Answer 1

You need to use the <location> element in your web.config. You can use the <location> tag to apply authorization settings to an individual file or directory.

<location path="/root">
  <system.web>
      <authentication mode="Forms" >
        <forms name="LoginForm" defaultUrl="default.aspx" 
        loginUrl="/root/login.aspx" protection="Encryption" 
        timeout="30" path="/"/>
      </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>
<location path="/root/admin">
  <system.web>
    <authentication mode="Forms" >
      <forms name="formName" defaultUrl="login.aspx" 
      loginUrl="/root/admin/login.aspx" protection="Encryption"
      timeout="30" path="/"/>
    </authentication>
    <authorization>
      <allow users="?" />
    </authorization>
  </system.web>
</location>

MSDN

For centralized administration, settings can be applied in the Machine.config file. The settings in the Machine.config file define machine-wide policy and can also be used to apply application-specific configuration using <location> elements. Developers can provide application-configuration files to override aspects of machine policy. For ASP.NET Web applications, a Web.config file is located in the application's virtual root directory and optionally in subdirectories beneath the virtual root.

If you would like 1 login location and different access levels you might want to use roles.

<location path="/root">
  <system.web>
    <authorization>
       <allow roles="admin,root" />/*admin, root is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>  

<location path="/root/admin">
  <system.web>
    <authorization>
       <allow roles="admin" />/*admin is allowed */
       <deny users="*" /> 
   </authorization>
  <system.web>
</location>  

Users can belong to more than one role. For example, if your site is a discussion forum, some users might be in the role of both Members and Moderators. You might define each role to have different privileges on the site, and a user who is in both roles would then have both sets of privileges.

You can access all these element at the code level if you would like to manipulate the roles/authentication programmatically

Page.User.Identity.Name
Page.User.Identity.IsAuthenticated
Page.User.Identity.AuthenticationType
Page.User.IsInRole("string");

Additional Links

Using 2 Membership Providers in asp.net

4 Guys From Rolla Tutorial

The ASP.NET web.config File Demystified

Answer 2

See How to override/change FormsAuthentication LoginUrl in certain cases

It appears from various people researching, that you cannot tell FormsAuthentication to have two different Login pages. But there is nothing preventing you from creating some base page class or other code in your two folders that can determine which login page to direct to. Or, I think that the Application_BeginRequest event fires before the FormsAuthentication module fires, so you could examine requests before they get redirected by FormsAuthentication. Either way though, you would be forced to allow anonymous users to Folder1 and Folder2, which is not ideal.