Hi,

The site I'm working on has a different authentication model for web users. However, it's not secure enough for admin so I disabled admin access using this method use the main authentication for admin. Is there any way to show my CustomAuthenticator when requesting access to the website, but normal MemberAuthenticator when requesting access to the CMS?

I've got as far as showing both when anonymous users are trying to access secure pages. However, I don't want web users to see the admin authentication. When I unregister MemberAuthenticator, admins have no access method.

I've tried unregistering MemberAuthenticator and calling MemberLoginForm independently, but when login fails it sends you to Security/login and the site Login (not the independent CMS login).

Ideally, I'd like some way to unregister MemberAuthenticator when Director::siteMode() = 'site' (requesting site), and register it when Director::siteMode() = 'cms' (requesting cms)

Workaround:

1. Disable MemberAuthenticator, so only customer login shows on normal /Security/login requests

_config.php:

Authenticator::register_authenticator('CustomerAuthenticator');
Authenticator::set_default_authenticator('CustomerAuthenticator');
Authenticator::unregister_authenticator('MemberAuthenticator');

2. Create rule to have a new CMS entry point (in this case "/manager" ), in reality this is just a pointer to the standard MemberAuthenticator, now disabled for all standard security login requests.

_config.php:

Director::addRules(100, array('manager' => 'AdminLogin_Controller',)); 

3. Create a new controller to handle this entry point, ensure any bad logins get redirected back to it.

class AdminLogin_Controller extends Page_Controller {

    function init() {
        Session::set('BadLoginURL', '/manager'); parent::init();
    }

    function Form() {
        return new MemberLoginForm?($this, "LoginForm");
    }

    function Title() {
        return "Admin Log in";
    }
}