I am trying to implement an administrator login page (Roles = "Admin"), but it seems like the authentication of ASP.NET Identity has only one authentication cookie. I really want to implement 2 distinct login pages, one for the Admin group and the other for the User group. Any suggestions or help?

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieName = "_user",
        CookiePath = "/",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        LogoutPath = new PathString("/Account/Logoff"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieName = "_admin",
        CookiePath = "/Admin",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Admin/Home/Login"),
        //LogoutPath = new PathString("/Account/Logoff"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

Login Controller:

    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, change to shouldLockout: true
        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                {
                    var user = new ClaimsPrincipal(AuthenticationManager.AuthenticationResponseGrant.Identity);
                    if (user.IsInRole("Admin"))
                    {
                        return RedirectToAction("Index");
                    }
                    else
                    {
                        return View("Login");
                    }
                }
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }
  • This is for ASP.NET Core - right?? Commented Mar 10, 2020 at 17:13
  • Authentication means finding out who the user is. You don't need multiple cookies for this. What you ask for is authorization - once you know who the user is, deciding what is allowed and what isn't. You don't need cookies for this at all. You need to use ASP.NET Core Identity's mechanisms to assign a role to that user Commented Mar 10, 2020 at 17:16
  • it's ASP.NET MVC :D Commented Mar 10, 2020 at 17:24
  • so, multiple logins with ASP.NET identity isn't possible? Commented Mar 10, 2020 at 17:30
  • You do not need multiple login pages.... How would the system know to which one to redirect you? Commented Mar 10, 2020 at 18:40

1 Answer

As @Jonathan Alfaro said, you don't need two cookies; you need to protect your admin resources (Action or Controller) using the Authorize attribute. For example:

    [Authorize(Roles = "Admin")]
    public ActionResult AdminOnly()
    {
        return View();
    }

This action is available for users who have the Admin role.
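An added example, not part of the original answer: the same role check applied to every admin controller in ASP.NET MVC 5, returning 403 instead of the login redirect when a signed-in user lacks the role. `AdminAuthorizeAttribute`, `AdminControllerBase` and `DashboardController` are hypothetical names.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute: requires the "Admin" role and distinguishes
// "not signed in" from "signed in but not an admin".
public class AdminAuthorizeAttribute : AuthorizeAttribute
{
    public AdminAuthorizeAttribute()
    {
        Roles = "Admin";
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
        {
            // Signed in without the role: answer 403. The stock attribute
            // answers 401, which the cookie middleware turns into a redirect
            // to LoginPath even though the user is already logged in.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }

        // Anonymous request: keep the default 401 so the cookie middleware
        // redirects to the configured LoginPath.
        base.HandleUnauthorizedRequest(filterContext);
    }
}

// Hypothetical base class: every controller deriving from it is admin-only,
// so a new action cannot be left unprotected by omission.
[AdminAuthorize]
public abstract class AdminControllerBase : Controller
{
}

// Hypothetical admin controller protected through the base class.
public class DashboardController : AdminControllerBase
{
    public ActionResult Index()
    {
        return View();
    }
}
```

The role is enforced on each request to the protected actions, so access does not depend on which login page the user came through.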
