Configuring an ASP.Net app for multiple login locations with forms authentication

The title isn’t descriptive enough for this post, but it will have to do. Today I was trying to get an ASP.Net application to allow me to define two different login levels. What I was trying to do was the following:

 

There’s a main ASP.Net application, which is allowed to be accessed by anyone (<allow users="*" />). (http://www.domain.com/)

There’s a customer part where a login is required. (http://www.domain.com/customers/)

There’s a maintenance part where a different login is required. (http://www.domain.com/maintenance/)

 

Because I didn’t want to share my DAL between two applications and I wanted to keep everything within one solution (one project even), I was searching for a way to make sure only the maintenance user would be able to log in to the maintenance part, while both the maintenance user and all the customers would be able to log in to the customer part. The <location> element in web.config seems to have been invented especially for these kinds of wishes. I finally solved the case by defining my web.config as follows:

 

<configuration>
  <!--Default settings for the application (snipped some stuff here)-->
  <system.web>
    <authentication mode="Forms">
      <forms name="UniqueCookieName" loginUrl="login.aspx" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!--Settings for the maintenance part-->
  <location path="maintenance">
    <system.web>
      <authorization>
        <allow users="maintenance_user" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!--Settings for the customers part-->
  <location path="customers">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>

 

As you can see, I’ve configured the application so that the maintenance user is the only user that is allowed inside the ‘maintenance’ folder. All other users are denied access. By the way, allowing the maintenance user must happen before denying all the others, or else no-one has rights there: authorization rules are evaluated from top to bottom and the first rule that matches wins.

 

Within the customers location, anyone who logs in is allowed: <deny users="?" /> turns away only anonymous users. So everybody who’s unknown is not allowed to do anything.
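To check a rule set like this before deploying it, the sketch below models the first-match evaluation over the configuration from this post. It is an added example, not code from the original post and not ASP.NET's own implementation; the function names are made up for illustration, only the users attribute is modelled (roles and verbs are ignored), and the fall-through to an allow-all default is an assumption.

```python
import xml.etree.ElementTree as ET

# The page's web.config rules, condensed (constructed sample input).
PAGE_CONFIG = """<configuration>
  <system.web>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="maintenance"><system.web><authorization>
    <allow users="maintenance_user" /><deny users="*" />
  </authorization></system.web></location>
  <location path="customers"><system.web><authorization>
    <deny users="?" />
  </authorization></system.web></location>
</configuration>"""

# Same rules with the maintenance order swapped: the mistake the post warns about.
SWAPPED_CONFIG = PAGE_CONFIG.replace(
    '<allow users="maintenance_user" /><deny users="*" />',
    '<deny users="*" /><allow users="maintenance_user" />')

def _rules(auth):
    """Turn an <authorization> element into [(action, [user, ...])] in document order."""
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in auth]

def load_rules(config_xml):
    """Return {location path: rules}; the key '' is the application root."""
    root = ET.fromstring(config_xml)
    rules = {"": _rules(root.find("system.web/authorization"))}
    for loc in root.findall("location"):
        rules[loc.get("path").strip("/").lower()] = _rules(loc.find("system.web/authorization"))
    return rules

def _matches(users, user):
    """'*' is everyone, '?' is anonymous (user is None), otherwise an exact name."""
    return "*" in users or ("?" in users if user is None else user in users)

def is_allowed(rules, url_path, user=None):
    """First matching rule wins; the most specific <location> is checked before the root."""
    path = url_path.strip("/").lower()
    scopes = sorted((p for p in rules if p and (path == p or path.startswith(p + "/"))),
                    key=len, reverse=True) + [""]
    for scope in scopes:
        for action, users in rules[scope]:
            if _matches(users, user):
                return action == "allow"
    return True  # assumption: nothing matched, so the machine-level allow-all applies
```

Running the same checks against SWAPPED_CONFIG shows the lockout described above: with the deny rule first, even maintenance_user is refused.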

 

This was my fairly simple solution to what I thought would be something of a challenge…
Published Fri, Apr 29 2005 11:14 PM by Rick van den Bosch

Comments

# re: Configuring an ASP.Net app for multiple login locations with forms authentication

Can you help me out? I am also making a website and I have to do the same thing in my website. In URL it's my messenger ID. Can you contact me there, farhanaeem@hotmail.com, or through emails? I will be very grateful to you.

Wednesday, October 17, 2007 12:04 PM by Farhan Naeem

# re: Configuring an ASP.Net app for multiple login locations with forms authentication

I am also searching for the same... please help.

Monday, March 09, 2009 2:33 PM by pankaj
