Solved

Multiple Forms Authentication

Posted on 2004-10-13
12
3,904 Views
Last Modified: 2008-01-09
I currently am using Web.Config to lock down a "members" folder which is for membors-only. I also have a completely different VB.NET project for the administrative side and wanted to see if there is a way to do multiple forms authentication inside Web.Config? Basically, it won't let you into members w/o a valid user/pass - this is a seperate DB table than the admin users though and I wouldn't want people who are members to be able to access the admin area and vice versa...unless of course a duplicate account exists and it can essentially do a pass-through of the login information and go from say the admin area to that person's member account.

I hope that makes sense. I know I can do role-based authentication but I want to try and use the existing setup that is currently in place.

Thanks in advance!
0
Comment
Question by:goconcepts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
12 Comments
 
LVL 18

Expert Comment

by:tusharashah
ID: 12304344
Do you want something like this?
http://www.experts-exchange.com/Programming/Programming_Languages/Dot_Net/ASP_DOT_NET/Q_21159585.html

------------------------------------------------------------------------
<!--Web.Config -->
<configuration>

 <system.web> <!-- This is default system.web -->
   <authentication mode="Forms">
     <forms loginUrl="Login.aspx" name=".sampleNETAUTH" protection="All" path="/" timeout="300"/>    
   </authentication>
 </system.web>

 <location path="SecurePage1.aspx">
   <system.web>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
 </location>

<location path="SecurePage2.aspx">
   <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
<!-- You can even setup Different connection string for different database -->
     <appSettings>
     <add key="connectionString" value="YourConnectionString"/>
    </appSettings>
 </location>

</configuration>
------------------------------------------------------------------------

-tushar
0
 
LVL 28

Expert Comment

by:mmarinov
ID: 12305379
tusharashah,

i'm sorry for the missunderstanding, but i was clicked on the admin comment when i've posted the normal comment

B..M
0
 

Author Comment

by:goconcepts
ID: 12305456
No, they are seperate folders, not just pages. If someone is considered authenticated for one would they be automatically authenticated for the other since it is one forms auth? Here is the code I am using currently and basically I want to know if I can duplicate it inside Web.Config...I know I can do another Web.Config file but wouldn't it require all the same stuff as the other one?

******************************************************************************

<configuration>
    <location path="members">
      <system.web>
            <authorization>
                  <deny users="?" />
            </authorization>
      </system.web>
   </location>


<authentication mode="Forms">
            <forms name="sqlAuthCookie" loginUrl="members/login.aspx" protection="All" timeout="60" path="/"/>
</authentication>

******************************************************************************

I would need two different login pages obviously as well...so how would I specify that since "members/login.aspx" is specified inside the forms name tag?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:mmarinov
ID: 12305486
goconcepts,

look here : http://www.codeproject.com/aspnet/aspnetsinglesignon.asp
about the multiple login pages - i don't think it is possible to do

B..M
0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12307322
B..M,
you scared me with that Admin comment.. the moment I saw my name inside Admin comment.. i said "i never wrote anything wrong"...

Well, true.. if they are different Projects then you wont be able to have one Web.Config file for both of them. But you can setup for different folders. You can add different <location> tag for different folders.. (like i saw for different pages previously).

You can have Login page in one of the Project and you alwayz redirect the user to that particular page using full URL in authentication tag:
------------------------------------------------------------------------------------------------------------------------------
<!-- Project: Members -->
<authentication mode="Forms">
          <forms name="sqlAuthCookie" loginUrl="http://www.YourDomain.com/members/login.aspx" protection="All" timeout="60" path="/"/>
</authentication>

<!-- Project: Administrator -->
<authentication mode="Forms">
          <forms name="sqlAuthCookie" loginUrl="http://www.YourDomain.com/members/login.aspx" protection="All" timeout="60" path="/"/>
</authentication>
------------------------------------------------------------------------------------------------------------------------------

Now if Authenticated user is an Admin user then set some Session Variable & share it between 2 application from the method B..M showed in his 1st comment. So, you'll have let's say Session["Admin"] set up in both the application & you'll not have to log Admin user again.

-tushar
0
 
LVL 28

Expert Comment

by:mmarinov
ID: 12307342
I'm really sorry for this tusharashah, it was Alt+A shortcut and i didn't see that i was press it :(

B..M
0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12307411
Oh dont worry B..M, i understand.. sometimes such shock are good.. specially in Morning ;)

-tushar

ps. sorry for off topic comments goconcepts
0
 

Author Comment

by:goconcepts
ID: 12316665
So...tushar, based on what you posted I can have the following code:

<!-- Members -->
 <location path="members">
     <system.web>
          <authorization>
               <deny users="?" />
          </authorization>
     </system.web>
   </location>

<!-- Admin -->
 <location path="admin">
     <system.web>
          <authorization>
               <deny users="?" />
          </authorization>
     </system.web>
   </location>


And then two different authentication modes? If someone goes to members will it automatically go to the "login.aspx" page located in members or wouldn't it just go to the first one listed and ignore the other one?

0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12318006
Having 2 <location> is only helpful for 2 different folders inside one project. I Believe you have 2 different project. In that scenario..
I'm suggesting:
  - Have 1 Login Page
  - 2 different Web.Config file for both of them..
  - Both file will point to same login page.
  - Store Session/Cookie variable while user is Authenticated in Login Page.
  - Share Session/Cookie among multiple project (with the method B..M showed above)
             - i.e. Session["MemberType"] = "Member" or "Admin"; // Now sharing this session among your application will allow you to identify your UserType..


-tushar
0
 
LVL 18

Accepted Solution

by:
tusharashah earned 350 total points
ID: 12318052
Now if in case you have 2 different folders inside one project then do something like following:

------------------------------------------------------------------------------------------

After you verify User Login/Password Call this function following way:
   FormsAuthentication.RedirectFromLoginPage("Member", false);   // If Authenticated user is Member
Or
   FormsAuthentication.RedirectFromLoginPage("Admin", false);   // If Authenticated user is Admin


------------------------------------------------------------------------------------------
<!-- Members -->
 <location path="members">
     <system.web>
          <authorization>
               <allow users="Member;Admin" /> <!-- Allow Member & Admin Only-->
               <deny users="?" />                      <!-- Deny UnAuthenticated Users -->
          </authorization>
     </system.web>
   </location>

<!-- Admin -->
 <location path="admin">
     <system.web>
          <authorization>
                <allow users="Admin"/>              <!-- Allow Admin Only-->
                <deny users="*" />                     <!-- Deny all other Users -->
          </authorization>
     </system.web>
   </location>
------------------------------------------------------------------------------------------

Again, this method is for 2 folders in Same Project.

-tushar
0
 
LVL 18

Expert Comment

by:tusharashah
ID: 12350572
Just came across this article, regarding signing in Multiple Applicatoin:
   http://www.codeproject.com/aspnet/aspnetsinglesignon.asp

-tushar
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question