Login for admin and ordinary user

Should I have one login form for ordinary user and admin Or should I have separate login form for admin and ordinary user?

Solution

It is OK to have the same form.

The purpose of the login page is authentication-- determine who the user is, not what they can do (see What is the difference between authentication and authorization?). So for example you might want them to submit a password or other token to reduce the risk that they are not the person they say they are. That can be the same process for everyone.

Certain features in your site may be available only to administrators or end users, but checking for permissions (authorization) can only be done after you're sure who the user is (they have authenticated). And logic to check for permissions should be present on every single page. So it has little bearing on what the authentication process is like.

How to manage user claims?
How to get the popup menu to select user certificate in Tomcat 10 server?
Enable password and unix_socket authentication for MariaDB root user?
How to consume from an eventsource API requiring auth headers?
How to display an Error message when logging in fails in Reactjs
Notify navbar of authenticated status when logged in (Angular)
Proper way to store a token retrieved client-side in nextjs 13 "App Router" version?
Signout and login not working in auth.js in Next14 with middleware and server actions
Laravel: Auth::user()->id trying to get a property of a non-object
404 page not found when running firebase deploy
.NET 8 Blazor Server - role authorization with Windows Authentication
Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
Symfony2: How to change Entity Manager just before doing login_check
JWT signature verification failing
SMAppService register() - How to detect launch at startup/login vs regular launch?
AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
authMiddleware doesn't exist after installing clerk
Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
How to change the app name for Firebase authentication (what the user sees)
How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
Unexpected authorization behaviour in a Blazor Web App with .NET 8
MongoDB: Understand createUser and db admin
Update react context without refreshing page on state update
What is the standard/modern way to use CAC/PIV card authentication in Java/Tomcat web applications?
Keycloak retrieve custom attributes to KeycloakPrincipal
Secure Google Cloud Functions http trigger with auth
Cannot authenticate in fresh installed Laravel 11 with MySQL/MariaDB
authentication with only username (id) in laravel
Having problem Authorizing Authenticated user account in Web API