Hi all,

I posted a thread but was unable to find the answer to my question.  I realized that I posted it in the wrong topic so Im going to repost here.

I have a web application that uses two different authentication mechanisms.  On is regular asp.net membership/roles/profiles, and the other is an outside data store that will only authenticate the user.

I have my project broken down with folders and each folder has its own web.config file that determines which users can access that area of the website.  It looks like the following:

ROOT

web.config

-----Folder1

-----web.config (only allows users from asp.net membership/roles authentication)

-----Folder 2

-----web.config (allows all users)

----------Sub-Folder2

----------web.config ( denys only unauthenticated users)

Login.aspx

Now what I am trying to accomplish is to have 2 separate login pages.  I want the regular Login.aspx to handle all regular requests, but when a user is within Folder 2, and tries to access sub-Folder 2, I want that user to be redirected to a DIFFERENT login page... lets say Folder 2/Login.aspx.  The reason for this is because users in Folder 2 will be authenticating through a custom control and an outside data store. 

The problem is that whenever users try to access at this point, they automatically get redirected to the root Login.aspx page and I have tried everything from setting both authentication controls within a multiview control, to manual response.redirect to try to get the second group of users to a different page for authentication.

A friend told me something about being able to add a <location> tag into my ROOT web.config that would allow me to specify which Login.aspx page is to be used for each folder.  But he also said that it had something to do with creating a virtual directory on the webserver and I don't know what he's talking about.

I would appreciate ANY and ALL insight that you can give me.  My project is almost finished, but this is holding me up   

hello:

 I think that is better not to try to change the way asp.net work, do this and you will find the answer.

put both logins inside the login page, separated with a multiview. example view0=asp:login..... view1=yourLogin.

in the page load of the login put:

        If Not Page.IsPostBack Then

            'to get the destination url, so... where it comes rediredted
            Dim strPath As String = Request.QueryString("ReturnUrl")

            'we look for into the string to find the directory that contains the pages that need your own login
            Dim blnFind As Boolean = strPath.Contains("/sub-folder2/")

            if blnFind = true then

               multiview.activeviewindex = 1 'the asp:login

            else

               multiview.activeviewindex = 0 'custom login

            end

        End If
 

and thats it...

if you need more help feel free to ask... bye 

One other way to solve this issue is to get rid of the web.config in your sub folder (this way, asp.net won't hijack unauthenticated requests) and implement a httpModule. Detect if the user is trying to access an address with your subfolder as part of the string AND they are not authenticated with whatever your requirements are and manually redirect them to your secondary logon.

Hope that helps