how to make different authentication in asp.net c# web form?

Question

we have two part for authentication in web site. the first use in admin and the second use for users to enter to site.when admin authentication in site and go to user page ,make error.how to create different authentication for those?web config code:

<authentication mode="Forms">
  <forms loginUrl="~/admin/Login.aspx" timeout="2880" />
</authentication>

Answer 1

Based on your reply in comments...

we read users permissions on sign on.when i use User.Identity.IsAuthenticated then its return true.but this Authenticated for admin.how to make different Authenticated for users?

Checking whether a user is authenticated is different from checking a user's permissions. Authentication only tells you that the person visiting your site has authenticated themselves (i.e. logged on to their account).

What's missing in your equation is the authorization phase (Remember college/uni? Everyone is issued ID cards, on access to the college/uni grounds you authenticate yourself, staff members also authenticate themselves, students won't have authorization to enter the staff room or perform certain tasks, but staff members do).

We implement this using what's called Roles, every user should have a Role. Every Role should have a set of Permissions associated with it, for now I wouldn't worry about Permissions as it can get real complicated real quick, if you focus on ìmplementing roles alone for now, it would be enough to get you going.

Once every user has a role associated to their account, you can check their Role instead of whether they're simply authenticated, which doesn't tell you much.

There should be an extension method to the IPrinciple interface along the lines of GetUserRoles() already implemented in framework, User.Identity.GetUserRoles() something along the lines of that.