authentication in webconfig

[utilitaire]

I'm building a web application with this structure:

myApp/
loginAdmin.aspx
loginsuperAdmin.aspx
web.config
admin/
web.config
superadmin/
web.config


The «admin» directory is for the clients. The «superadmin» is for the administrators. myApp/loginAdmin.aspx allows clients to gain access to the «admin» directory. Here's my web.config in the «admin» directory:

<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>

My problem is here: I want to create the same authorization for the superadmin directory. I can't just do:

<authorization>
<allow users="superadmin"/>
<deny users="*"/>
</authorization>

in the superadmin directory. Cause the myApp/web.config, in the root, will redirect the administrator to the CLIENT login page(myApp/loginAdmin.aspx). This configuratin is written in the myApp/web.config:

<authentication mode="Forms">
<forms loginUrl="loginAdmin.aspx" path="/" timeout="60"/>
<passport redirectUrl="admin/page1.aspx"/>
</authentication>

So: is there a way to configure something in order to redirect the clients to the correct login page, depends on witch directory they're browsing(admin/superadmin)? If I try to access the superadmin directory, I want to by redirect to myApp/loginSuperadmin.aspx. If I try to access the admin directory, I want to by redirect to myApp/loginadmin.aspx.

thank you,

forgive my english

:-\

 

[PlausiblyDamp]

You may find the location element useful.
It will allow you to specifiy security in your main web.config but on a page or sub folder basis.
eg

<configuration>
   <location path="admin">
      <system.web>
         <authorization>
            <allow users="admin"/>
            <deny users="*"/>
         </authorization>
      </system.web>
   </location>
   <location path="superadmin">
      <system.web>
         <authorization>
            <allow users="superadmin"/>
            <deny users="*"/>
         </authorization>
      </system.web>
   </location>
</configuration>

 

[utilitaire]

Interesting, but I does not solve the redirect problem.

What if a visitor tries to acces a file in the superadmin directory? I dont want him to be redirect to the myApp/loginAdmin.aspx file, but to the myApp/loginsuperAdmin.aspx file.

This redirection is usualy setup in the web.config, in the application. That's what I did in the root (myApp/web.config). But I can only specify one redirection, right? Either I redirect to loginAdmin.aspx, or to loginSupeadmin.aspx. I would like to setup both ways, depends on directory you're browsing in.

The only way I found was to overwrite the authentication in both admin and superadmin directories. But this cause another problem: in order to do that, I must create a new application in both admin and superadmin directory. These directory will then work on differents applications. Therefor, my whole structure would fall appart! The bin directory, etc.

Any idea?

 

[PlausiblyDamp]

Is there any reason why you couldn't have a single login page for all users / admins / superadmins? To give each category of user their own login page seems a strange way of approaching the problem.

 

[utilitaire]

Well, I want my clients to log on a different page. I dont want them to see the login form for the administrators. I dont even want to let them know that an administrator section actually exists. The administrators have to log on special login page, with a different design.

I'm new in asp.net. With Asp, I use to send my clients to the admin/login.asp page, and the administrator to the superadmin/login.asp page. I send my clients to: www.mysite.com/admin/, witch redirect to www.mysite.com/admin/login.asp. And I send the administrators to: www.mysite.com/superadmin/, witch redirects to www.mysite.com/superadmin/login.asp.

thanks

 

[utilitaire]

moreover, I need to redirect the user to a different directory after login!
If a client log on /loginAdmin.aspx, I need to redirect him to the admin/ directory. If an administrator log on /loginSuperadmin.aspx, I need to redirect to superadmin/.

<authentication mode="Forms">
<forms loginUrl="login.aspx" timeout="60"/>
<passport redirectUrl="admin/index.aspx"/>
</authentication>

How am I supposed to do that, since there is no way to setup multiple passport in the authentication? Even if I managed to send the visitor to the correct login page, I wouldn't know how to redirect them correctly after that. Everyone would end up to the admin/index.aspx page!!!

any idea??? :-\