protecting two different folders with forms authentication

I have an asp.net site for which I want to protect two different
folders (for arguments sake, call them "members" and "admin").

I'm reading username and password info from a database, which is
working fine. My problem is that I can't see how, using the
web.config file, I can specify which login page each folder uses.

Part of my web.config in the root looks like:

<authentication mode = "Forms" >
<forms loginUrl = "login.aspx"
name = ".ASPXAUTH"
protection="All"
timeout="10"
path="/"
/>
(with an <allow users="?" />).

And in both the /admin and /members directory, it looks like:

<authorization>
<deny users="?" />
</authorization>
So when I try to access a aspx file in /admin, I get redirected to
/login.aspx. However, if I also want to protect the /members
directory, how do I configure it? At the moment, it's using the same
session var (.ASPXAUTH) for both types of login.

Currently, I also have a web.config in /members, but it looks the same
as the one in /admin, so when the user tries to access either the
/members or /admin directory they are redirected to /login.aspx. I
want to members to be redirected to members.login.aspx, and admin to
redirect to admin.login.aspx.

I hope that makes sense! I'm having problems explaining myself! :-)

TIA,
A.

The <authorization?> settings in web.config affect all files and
subfolders by default wiht the same settings. If you want to change the
settings fort a specific file or directory you can use the <location>
element:

<configuration>
<system.web></system.web>
<location path="SomeSubDir">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
<authorization>
</system.web>
</location>
</configuration>

-Brock
DevelopMentor
http://staff.develop.com/ballen

I have an asp.net site for which I want to protect two different
folders (for arguments sake, call them "members" and "admin").

I'm reading username and password info from a database, which is
working fine. My problem is that I can't see how, using the
web.config file, I can specify which login page each folder uses.

Part of my web.config in the root looks like:

<authentication mode = "Forms" >
<forms loginUrl = "login.aspx"
name = ".ASPXAUTH"
protection="All"
timeout="10"
path="/"
/>
(with an <allow users="?" />).

And in both the /admin and /members directory, it looks like:

<authorization>
<deny users="?" />
</authorization>
So when I try to access a aspx file in /admin, I get redirected to
/login.aspx. However, if I also want to protect the /members
directory, how do I configure it? At the moment, it's using the same
session var (.ASPXAUTH) for both types of login.

Currently, I also have a web.config in /members, but it looks the same
as the one in /admin, so when the user tries to access either the
/members or /admin directory they are redirected to /login.aspx. I
want to members to be redirected to members.login.aspx, and admin to
redirect to admin.login.aspx.

I hope that makes sense! I'm having problems explaining myself! :-)

TIA,
A.