0
votes

In my web app there are two areas accessible by the user, one normal area available to normal users and one area available to admin users.

Regular:

http://www.myapp.com/Home.aspx

Admin:

http://www.myapp.com/admin/Home.aspx

One of the capabilities in the admin area is that you can enter any username into a textbox and log in on behalf of a "regular" user. So here is my issue:

  1. Admin user logs in as "[email protected]".
  2. Admin then goes to log in on behalf of "[email protected]".
  3. Now the admin goes to another page in the /admin folder, but instead of it working, Forms Auth now recognizes them as "[email protected]".

Here's my question:

Is there a way to have a completely different forms authentication entry for the "/admin" folder? If I authenticate someone in that folder can it have a different Forms Auth cookie than the regular application? Can it also have a different login url for regular vs. admin?

1 Answer

0
votes

Hmm, interesting. The ASP.NET membership provider will not support this out of the box. If I understand correctly, what you want is to allow 'adminuser' to use the site as 'regularuser' while keeping his admin privileges (roles). If that is the case, I would create a special login page for admins, which requires the following info: admin username, admin password, username to impersonate. Do the following:

  1. Validate the admin user (MembershipProvider.ValidateUser).
  2. If the credentials are valid, log in as 'regularuser' (FormsAuthentication.SetAuthCookie).
  3. Add 'regularuser' to the admin role (Roles.AddUserToRole).
  4. Set the MembershipUser.IsApproved status of 'regularuser' to false. This prevents the real 'regularuser' from logging in and gaining admin privileges.

Provide a special logout page:

  • Revoke the admin role (Roles.RemoveUserFromRole)
  • Reset IsApproved = true for 'regularuser'
  • Log out (FormsAuthentication.SignOut())

Good luck. Let me know how it goes!
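The separate-cookie approach the question asks about, as an added example (not code from the asker or the answerer): ASP.NET only accepts the authentication element in the application-level web.config, not in a subfolder, so the admin area instead gets a second, manually issued forms ticket in its own cookie scoped to /admin plus its own login URL, while the regular forms cookie is free to carry the impersonated user. The class names AdminAuth and AdminPage, the cookie name and the ~/admin/Login.aspx URL are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Assumed helper (not from the question or the answer): an admin-only forms ticket
// carried in its own cookie scoped to /admin, beside the regular forms-auth cookie.
public static class AdminAuth
{
    const string CookieName = "AdminAuth";  // must differ from <forms name="..."> in web.config
    const string CookiePath = "/admin";
    const string Marker = "admin-area";     // tells this ticket apart from a regular one
    // Call on the admin login page after MembershipProvider.ValidateUser succeeds.
    public static void Issue(HttpResponse response, string adminUserName)
    {
        var ticket = new FormsAuthenticationTicket(1, adminUserName, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, Marker, CookiePath);
        // Path: the browser sends it only with /admin/... requests; HttpOnly: not readable from script.
        var cookie = new HttpCookie(CookieName, FormsAuthentication.Encrypt(ticket)) { Path = CookiePath, HttpOnly = true };
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
    }
    // Admin name, or null if the cookie is missing, expired, tampered with, or holds a regular
    // forms ticket pasted in (same machineKey, so it decrypts; the UserData marker tells them apart).
    public static string CurrentAdmin(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[CookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket t = FormsAuthentication.Decrypt(cookie.Value);
            return (t == null || t.Expired || t.UserData != Marker) ? null : t.Name;
        }
        catch (Exception) { return null; }  // Decrypt throws on bad ciphertext
    }
    public static void Revoke(HttpResponse response)  // for the special admin logout page
    {
        response.Cookies.Add(new HttpCookie(CookieName, "") { Path = CookiePath, Expires = DateTime.Now.AddDays(-1) });
    }
}

// Assumed base class for pages under /admin: it trusts the admin cookie, not HttpContext.User,
// so FormsAuthentication.SetAuthCookie("regularuser", false) no longer locks the admin out.
public class AdminPage : System.Web.UI.Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        if (AdminAuth.CurrentAdmin(Request) == null) Response.Redirect("~/admin/Login.aspx");  // separate admin login URL
    }
}
```

On the impersonation page, call AdminAuth.Issue for the validated admin and then FormsAuthentication.SetAuthCookie for the chosen regular user; the special logout page calls AdminAuth.Revoke followed by FormsAuthentication.SignOut, so no role or IsApproved flag on the real 'regularuser' account ever has to change.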