2 separate logins for asp.net application

I need to have 2 separate logins for my asp.net web site. Firstly I need to block access to the site 开发者_StackOverflow中文版entirely and show an unstyled log-in page (so it doesnt show the layout of the site).

This login is only needed whilst the website is in development.

Secondly, I need another login for a "members area" of the site. This is part of the functional site and will be permanent.

I'm at a loss as how to manage these 2 logins. I had first thought of using Windows authentication to allow preview access to the site and then forms authetication for the members part but according to IIS7 I "cant run Challenge based and Log-in redirect based authentication simultaneously".

Any thoughts?

well it is as you've read, you can only set it to either windows or forms auth in a web app, in your case I would've chosen forms auth since it allows you to do pretty much all you'll ever need.

Win auth in my opinion is only a good choice if its gonna be something that is closed and not accessible to anyone else but company, even then I would consider forms auth since I feel I have better control over everything. If you absolutely need both you would need to make them into separate apps.

I implemented something similar from code based on session. At begin of requests (actually, in basepage.oninit) I am checking if key present in session. If not, I am redirecting user to DeveloperPassword page. When user enter correct password, he can use other pages as well as windows forms login. For live environment, I use empty password and ignore this check from code.

There is a similar question here: IIS7: Setup Integrated Windows Authentication like in IIS6

But I think the solution is maybe not what you want.

I assume you just want to restrict people from accessing your development site. If you have a limited number of testes, why not just restrict the IP address? You can do that in IIS7.

Thanks for your suggestions.

Basically I went with using Forms Authentication and a single login page.

When the site is first viewed, the login page is shown with all the styling and header/footer removed.

Once logged in, any subsequent visits to the the login page (to access the member area) show the styling header/footer.

if (!HttpContext.Current.Request.IsAuthenticated)
{
Header1.Visible = false;
Footer1.Visible = false;
Label1.Visible = false;
}