How about sticking this in the web.config file:
<authentication mode="Forms">
  <forms loginUrl="login.aspx" name="adAuthCookie" timeout="60" path="/" />
</authentication>
<!-- Needed alongside the element above: deny anonymous ("?") users, otherwise
     forms authentication is switched on but no page actually requires a login. -->
<authorization>
  <deny users="?" />
</authorization>
Have your login box here and on submit do something like (pardon the formatting):
bool authenticated = false; // Authenticate user here and set this flag
if (authenticated)
{
    // Set the session variable of user type here, e.g. Session["UserType"] = "Admin";
    // ("UserType" is a placeholder key; AdminPage below checks the same key.)
    // The last argument (user data) travels inside the encrypted ticket.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        _usernametext.Text, // the real user name, so User.Identity.Name is meaningful
        DateTime.Now,
        DateTime.Now.AddMinutes(Session.Timeout),
        false,
        SecurityHandler.ThisUser.ID.ToString());
    // Encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    // Create a cookie, and then add the encrypted ticket to the cookie as data.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    // Add the cookie to the outgoing cookies collection.
    Response.Cookies.Add(authCookie);
    // You can redirect now.
    Response.Redirect(FormsAuthentication.GetRedirectUrl(_usernametext.Text, false));
}
else
{
    // redirect to error page
}
This will authenticate access to any direct page access; however, as I'm sure you have realised, this doesn't solve your user-specific problem.
You could possibly have your home pages derive from a secure page instead of System.Web.UI.Page. In the OnInit method of your secure page you could call a virtual method, SecurePage. Then override this method in each of the admin or user pages to check the session variable we set on login and redirect accordingly, maybe log them out and send them back to the login page:
System.Web.UI.Page
 |
 |-------> SecurePage
            |
            |--------> AdminPage
            |--------> UserPage
class SecurePage : System.Web.UI.Page
{
    protected override void OnInit(EventArgs e)
    {
        // Run the page-specific access check before any page logic executes.
        SecurePageCheck();
        base.OnInit(e);
    }

    // C# does not allow a member named after its enclosing class, so the
    // virtual hook is SecurePageCheck rather than SecurePage. Pages that
    // need no check simply leave it unoverridden.
    protected virtual void SecurePageCheck() {}
}

class AdminPage : SecurePage
{
    protected override void SecurePageCheck()
    {
        // Get the session variable and check the user type; throw the user
        // out if necessary. "UserType"/"Admin" are placeholder names matching
        // whatever the login page stored.
        string userType = Session["UserType"] as string;
        if (userType != "Admin")
        {
            FormsAuthentication.SignOut();
            Response.Redirect("login.aspx");
        }
    }
}
MattC
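As an added example (not part of MattC's post or Fred's application), here is the declarative variant of the same idea for the "hundred pages" case: the user type is stored in the ticket's user data at login, Global.asax turns it into a role, and web.config authorization rules keep non-admins out of the admin pages without a check in every page. The /admin path and the "Admin"/"User" role names are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Global.asax code-behind: once the forms module has validated the ticket,
// turn its UserData field into roles so that web.config <authorization>
// rules can do the admin/user check declaratively for all pages at once.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Unauthenticated requests keep their anonymous identity; the
        // <deny users="?"/> rule below sends them to login.aspx.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;
        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null)
            return;

        // Assumption: the login page stored the user type ("Admin" or "User")
        // as the ticket's user data, so the role travels inside the encrypted
        // cookie instead of only in a session variable that can expire.
        FormsAuthenticationTicket ticket = identity.Ticket;
        string[] roles = ticket.UserData.Split(',');
        Context.User = new GenericPrincipal(identity, roles);
    }
}

/* web.config (assumed layout: the admin pages live under /admin):

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="login.aspx" name="adAuthCookie" timeout="60" path="/" />
  </authentication>
  <authorization>
    <deny users="?" />        <!-- every page requires a login -->
  </authorization>
</system.web>
<location path="admin">
  <system.web>
    <authorization>
      <allow roles="Admin" /> <!-- only tickets carrying the Admin role -->
      <deny users="*" />
    </authorization>
  </system.web>
</location>
*/
```

A request for /admin/anything.aspx is then refused by ASP.NET itself, whether or not the user ever visited the start page.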
"Fred" <fff@its.gb> wrote in message news:ePMf3PynEHA.3908@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> We have an intranet application which begins with a start page, which checks
> the login of the user (the security in IIS is set to "Anonymous not
> allowed"). Depending on that 'remote_user' variable, the user gets a
> specific menu (there are a normal user menu and an admin menu). Suppose a
> hacker-user guesses the path name (or he saw it in the browser path line) of
> the administration pages. So it's possible for him to type himself e.g.:
> http://ourserver/admin.asp and so to get access to that administration menu
> without passing by the start page and so not be redirected to the normal
> user menu.
>
> How can we prevent this? (There are a hundred pages.)
> Thanks
> fred
>