We have an ASP.NET application that is partly in MVC (the rest is the deprecated CMS web form). The application is authenticated using forms authentication, although any user accessing it from a specific set of IP addresses is automatically assigned to a "special" user.
We currently have a child application that we would ideally like to bring to the (parent) MVC application as an area. This application uses Windows authentication as the second level of authentication. Is there an easy way to keep the second level of authentication (perhaps using the 2nd authorization attribute)? This means that users can log in to this application both inside and outside the set of IP addresses used by the user for special forms authentication, which excludes direct form authentication. We also do not necessarily bind to Windows authentication for this second layer, if that makes the solution simpler.
source
share