If you want to use different bindings for whether a user is logged in or out, it's very simple.
Bind<IUnitOfWork>()
.To<WebsiteDbContext>()
.When(x => !HttpContext.Current.Request.IsAuthenticated)
.InRequestScope()
.WithConstructorArgument(
"connectionString",
ConfigurationManager.ConnectionStrings[ConnectionStringKeys.UnauthorisedUser]
.ConnectionString);
Bind<IUnitOfWork>()
.To<WebsiteDbContext>()
.When(x => HttpContext.Current.Request.IsAuthenticated)
.InRequestScope()
.WithConstructorArgument(
"connectionString",
ConfigurationManager.ConnectionStrings[ConnectionStringKeys.AuthorisedUser]
.ConnectionString);
Note that these both have the same IUnitOfWork binding, it will simply return the correct one based on whether the user is logged in or not.
I would also do this:
Bind<IIdentity>()
.To<WebIdentity>()
...
Bind<IIdentity>()
.ToMethod(x => HttpContext.Current.User.Identity)
.WhenInjectedInto(typeof(WebIdentity))
...
Bind<IPrincipal>()
.To<WebsitePrincipal>()
...
Then, configure your WebsitePrincipal's constructor to take IIdentity and IApplicationConfiguration parameters, make WebIdentity's constructor take IIdentity and IRoleRepository as parameters (note the .WhenInjectedInto uses the existing Identity). Have your constructors do the work.
Then you need only write the following (DI takes care of the rest):
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
HttpContext.Current.User = DependencyResolver.Current.GetService(typeof(IPrincipal));
}