Hello all,

I am trying to create a virtual directory where a user can
authenticate securely (via SSL) and then get back to the normal HTTP
site.
First I created a new virtual directory called members and required
SSL for it. I created a new ASP.NET application at members and put the
necessary stuff in web.config:

   <system.web>
     <authentication mode="Forms" />
     <compilation defaultLanguage="c#" />
     <authorization>
       <allow roles="Customer"/>
       <deny users="*"/>
     </authorization>
   </system.web>

This works but when a user goes back to the HTTP site I don't get
anything in Page.User.Idenitity.
So I tried putting everything back in the main application (removed
the members application from IIS) and added this to the main
web.config:

  <authentication mode="Forms">
     <forms loginUrl="https://server/members/login.aspx"/>
  </authentication>
 <location path="members">
   <system.web>
     <authentication mode="Forms"/>
     <authorization>
       <allow roles="Customer"/>
       <deny users="*"/>
     </authorization>
   </system.web>
 </location>

However, members is only accessible via HTTPS and the location doesn't
apply (because it's only expecting http://server/members and not
https://server/members). This means that the user won't get redirected
to my login URL. It is not allowed to put an absolute URL in location
tags (which would be <location path="https://server/members"> so it
seems I'm stuck.

Does anyonone have a solution for this? I'm thinking of getting back
to the 2 applications solution and passing the user information to the
HTTP site somehow (any ideas?).

Thanks in advance,

Manuel Ricca