11

I have a ASP.NET MVC project, and I would like to have a different LoginUrl for different areas of the website. Depending on the area of the site, different types of credentials are entered.

http://host.com/widget/home should redirect the user to http://host.com/widget/logon.

http://host.com/admin/home should redirect the user to http://host.com/admin/logon.

So far, the best solution I have come up with, is to have Forms Auth loginUrl="~/Account/Logon" in the web.config:

   <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880"/>
   </authentication>

In the controller for Account:

public ActionResult LogOn()
{
   //redirect depending on the returnUrl?
   string returnUrl = ControllerContext.Controller.ValueProvider["ReturnUrl"].AttemptedValue;
   if (returnUrl.StartsWith("/widget"))
   {
       return Redirect(string.Format("/widget/Logon?ReturnUrl={0}", returnUrl));
   }
   if (returnUrl.StartsWith("/admin"))
   {
       return Redirect(string.Format("/admin/Logon?ReturnUrl={0}", returnUrl));
   }
   return View();
}

Is there a better way to do this?

Improve this question
1
  • 1
    BTW: you can just put returnUrl as a string parameter to the method : LogOn(string returnUrl) Commented Jan 11, 2011 at 1:16

3 Answers 3

Reset to default
4

I asked and answered this in my stackoverflow question How to redirect to a dynamic login URL in ASP.NET MVC.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I know that you can have separate web.config files in sub-folders of a website, so that if you had actual .aspx pages within an admin/ folder, and a web.config in that folder, you could specify the authentication url in that folder separately.

I'm not sure if that works with ASP.NET MVC routes as you're probably not going to have physical files in those sub-folders, but it's worth a try.

Improve this answer

1 Comment

In MVC Areas you do have separate web.config's but you'll probably end up with the error if you attempt to add the authentication attribute: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
1

Add Authenticate attribute to your actions.

Then in global.asax add Application_AuthenticateRequest then look at the sender and redirect there where you want the action to login.

Improve this answer

1 Comment

I'm just curious, but this seems to be similar to what I had originally done, just in a different place. What are the advantages of doing it this way?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.