help!! credentials stored in web.config vs in database

[Guest]

Hi,

I have difficulties about authentication & authorization thing.
My project has an admin folder (which can only be accessed by administrator)
and a secret folder - (can be accessed by registered users).

Is it possible to store credentials in two different places and using only
one login page? (the administrator credentials in web.config file while the
registered users credentials are stored in the database).

So far, what I got working was either choose one of them: in web.config or
in the database.

I am confused how and where (which web.config, root or particular folder) to
put the authentication and authorization codes.

If it is not possible, I was thinking of having 2 login page. For registered
users and for admin. But, the problem is: it always direct me to login.aspx.
How can I direct them to adminLogin.aspx when someone try to access a file in
the admin folder?


Thanks so much...

 

[DKode]

If i were you,

put all the login information into a database. In the table that holds
your usernames/passwords have an additional field that is marked by 0
or 1 to differetiate between admins and normal users. This gets rid of
the problem of having multiple different login pages etc..

Then in your login.aspx, once the user is authenticated, check if they
are an admin, if they are then redirect them to a different page (like
your /admin/ folder)

hope this helps.

Sean

 

[Guest]

Thanx for ur reply


"DKode":