I have a public facing website and need to create an "admin" site for managing the content of the website. I would like to create an "Area" for admin functionality and secure just the Admin area using forms authentication. Is this possible? If I put the necessary forms authentication bits in the root web.config file, will it interfere with the public facing pages? How do you isolate forms authentication to an area? Thanks.
The way I go about it is to add an Authorize Atrribute to the the controllers or actions I need to be secure.
In the controller either:
[Authorize] --secures all actions in the controller
public class SomeController : DefaultController
{
[Authorize] --secures only this action
public ActionResult SomeAction(){
}
}
you can restrict access to specific users and also use a RoleProvider to only allow specific user roles to access the actions decorated with the attributes. Hopefully this can be helpful to you.