2 Login pages for forms based authentication

It should be possible. In fact everything is already built in except the 2 different login pages. You could have any number of login pages and ASP.Net won't care about it as long as each page in itself sets the auth cookie and role. Obviously the user has to get to those 2 pages using 2 different URLs as ASP.Net won't have a way to know which one to use. For auto logout/redirect feature, you could have a cookie (your own independent of login) that us written after the login is done (from either page) indicating what page was used and when the user is logged out and goes to the site again, both login pages could read that cookie to determine which one should be used.

Dabas,

No that doesn't work.  You can't override forms authentication settings in subfolders without making them separate applications.  It is called a machine to application setting.  PS one set is in a separate subfolder - but the same role needs to access the ones in that folder, plus one page that is outside the folder.

amit_g,

Can you provide code for that?  As far as I can tell what you are describing is what I already have - a custom built solution - not a solution using the forms based authentication that comes with .NET

My custom method does use aspects/functions of forms based authentication, such as creating a forms identity.  It is very similar, but not the same as this article I found while trying to find the answer to if this can be done:
http://www.codeproject.com/aspnet/formsroleauth.asp

But that is really how to do roles in .NET 1.1, when I already have that.  I am looking for how to do this using the built in Forms Authentication and Roles Provider in .NET 2.0

Otherwise, if I can't find out that it can be done, then I would use the home built system I already have working.

I was talking about .NET 2.0. Assuming you are using VS2005, this is wizard driven. The wizard takes care of single login page and would make everything work without much problem. This is called membership and roles in the 2.0. Once you get that working, you just have to add second login page and modify a little bit in that page. Everything would work without much coding except the part where you would want to show the correct login page to already logged in user. For that you will have to write a custom cookie in successful login and read that cookie in default login page to see if you need to redirect the user to the other one.

As you might have already guessed, the code is not as little or simple to be posted here but the process is not difficult. Here is an article (out of so many) that would guide you to create single page form based authenticated membership and roles in .Net 2.0. The article is pretty simple to follow. Create a new test site/application following that article and make it work for you with single login page. After that make a copy of the login page to second login page and in that make few changes (like setting different role). The wizard would take care of the first login page in the web.config but for the second login page you will have to add the entry manually. Find the entry for the default login page and copy that over for the second login page.

Keep posting the problems you face.

amit_g,

I am using VS2005, but do not use wizards as I prefer to write the code that will run on my sites.

You mention an article but show no link.

>>the first login page in the web.config but for the second login page you will have to add the entry manually
Have you even tried what you are suggesting??  I am not a newbie and have tried this and it does not allow a second login page defined in the web.config.

Sorry about the missing link.

http://aspnet.4guysfromrolla.com/articles/120705-1.aspx

I am with you when you say, you want to write your own code. It is always better but to start, you could create a new application and see what code VS generates and then write/copy-paste from that.

The web.config doesn't allow second login page. There will only be one login page for the ASP.Net. What I meant by that is that you will have to allow all users to access the second page otherwise the .Net would redirect to the login page and the user would never be able to use the second login page. Something like this

  <location path="AlternateLogin.aspx">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>

Yes, I have one application with 2 different login pages. There is one difference though. I don't assign different roles to the users from different login pages rather it is assigned based on membership.

I had previously read that whole series.  It really doesn't do what I am looking for.

By the way: As far as we can tell <allow users="?" /> doesn't trigger login.  Only <deny users="?" /> would trigger login.

>>There is one difference though. I don't assign different roles to the users from different login pages rather it is assigned based on membership.
Yes that is part of the key problem.  I can create a page that is not automatic, but users have a link - works only so/so because if you try to access a protected page you are only directed to the one login page defined in the web.config.  But I want you to be directed based on the path being accessed, to the correct login page.  Basically the effect of if you were allowed to add a section in a child web.config.  

However, roles assigned are based on the login page used.  I realize this is unique and that in general, you would lookup roles based on a person, but in this case the only people stored are the ones using the username/password combination.  Everyone else is not stored as a user.  Therefore, everyone else who properly authenticates needs a pre-defined "default" role (and each has a unique Id as the username, so I can't just create a default user and assign roles to that).

I realize it is a non-standard situation.  Basically I was able to get a plain forms authentication working, but could not then get the roles to work with it.

Just an idea that might help.

Can you have just the one login page, for both types of roles.
Have separate <div> or other container for each role.
In Page_Load, depending on the role of the user you can make one of the <div> visible, while making the other one hidden.

Dabas

Dabas,

I thought of that but couldn't figure out how it would work - and don't think it can.  How would I know which div to make visible?  You don't know what role a person will be in until they successfully authenticate.  - It could be NO roles if they are a random web surfer that hits the page and doesn't know any of the credentials of either kind.

mrichmon > "depending on where you are trying to get to, depends on which login page you are sent to."


Can't you put this type of reasoning to create a querystring that you pass to the Login.aspx?

No.  I can't add fields to the querystring of every page that might be accessed.  So unless you know of a way to have .NET dynamically redirect to different pages - or the same page with a different querystring, no matter which page is actually accessed....

>>But I want you to be directed based on the path being accessed, to the correct login page.

This is not possible with built in mechanism or with simple add on to it - or at least I don't know of a way.

I was thinking that you have a need of 2 or more login pages only as 2 or more entry points and once the user is authenticated, you know with one to use (by a persistent cookie) even after the user logs off. Since the .Net would always send an unauthenticated users to the same login page, you could use that cookie to send to the other login page. This would work as long as user has logged in once, you can always show the correct login page.

Have you thought about using ReturnUrl parameter passed to the login page for this purpose?

>>you know with one to use (by a persistent cookie) even after the user logs off
Hard to explain, but based on other situations I have a persistent cookie will not work.