Forms Authentication (using IP and login page)
Posted on 2009-05-13
I have asked this question before, but maybe not as clear as I should have, I'm going to try again with hopes someone has done this before.
I have a website that has 2 different protected areas. Access to these areas (folders) could happen 2 different ways. 1. IP authentication or 2. logging in with username and password.
I built a custom membership and custom role provider. I can get the users role whether they come in through the login form or via IP and give them access to the proper folders.
The problem occurs when they hop between the 2 folders. The user could be at work and gain access to a folder via the work IP address, but then go over to the other protected area and have to login with their personal username and password (the IP role comes from the company record in the table and the username and password role comes from the users record)
So the problem is when they hop back and forth. For example user goes to folder 1 and is prompted to login. A forms authentication cookie is established and the role is gathered and I allow them access to the page. Now the user (already authenticated) goes over to the other folder where they have an IP subscription from their work record, but because their previous authentication doesn't have the correct role (only have their personal role) they get kicked over to the login page. They don't have a username and password because they have IP access.
Any ideas? Am I explaining this right?