Second Level Authentication...suggestions pls

Hey All, Just wanted your opionion on what a simple way to accomplish the following would be. I know this isnt the ideal forum for this question, but there is just too much knowledge here to not ask :p

I have a website, duh, with a purchased SSL cert, and it is currently set to disallow unauthenticated users, so they put in a PW to get to the site.

How can I, on top of that, have another passworded section within teh website. I have 2 admin pages that I dont want regular users to get to.

So far, I have added a general user to the server, made a new directory and taken NTFS permissions from that user...but they can still see the page, unless I take all rights from the, and I get an Unhandled Exception error on the server. I have also tried making a virtual directory, same faults.

Any other ideas? Btw, these are .aspx pages.

Use "Roles"

Basically, all of your users will be put into groups. "User", "Admin", etc... When the user logs in, look up their Roles in the database. On each page that is Admin only, make sure the user is in the appropriate role. Otherwise give them an unauthorized message or something like that.

You mentioned an ASPX page. Are you using .NET 1.1 or .NET 2.0? You may be able to accomplish this, with just a couple changes to the web.config file.

(and i've moved this thread to the web programming forum where it fits in a little better. ;))

Thanks. I dont even know if I'm using the right verbage to ask the question, but what would be some good phrases to google for to find an example of what I want to do? This is .NET 2.0

For both 1.1 and 2.0 the main keyword you'll be looking for is "Forms Authentication". In 2.0, they've expanded what was available in 1.1 with the Membership API and Roles API.

Yep...knowing what to search for is sometimes half the problem :p

Thanks!