I think I have a working solution that keeps each area completely separate. Using the default template as a starting point, I added another constructor to the MvcApplication1.Models.AccountMembershipService class to accept the string (also modified existing constructors to disambiguate).
public AccountMembershipService()
{
_provider = Membership.Provider;
}
public AccountMembershipService(MembershipProvider provider)
{
_provider = provider ?? Membership.Provider;
}
public AccountMembershipService(string applicationName)
: this()
{
_provider.ApplicationName = applicationName;
}
Then I copied the AccountController to each area and changed the Initialize overload to include the name of the area from the route data.
protected override void Initialize(RequestContext requestContext)
{
if (FormsService == null) { FormsService = new FormsAuthenticationService(); }
if (MembershipService == null) { MembershipService = new AccountMembershipService(requestContext.RouteData.DataTokens["area"].ToString()); }
base.Initialize(requestContext);
}
Now each area is registered as a new application under forms authentication, and all users and roles must be stored separately.