MVC4 areas and forms authentication

Question 1

Many thanks to Ufuk Hacıoğulları for putting me on the right scent. My final solution was this:

public class AreaAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string area;

    public AreaAuthorizeAttribute(string area)
    {
        this.area = area;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        string loginUrl = "";

        if (area == "Admin")
        {
            loginUrl = "~/Admin/Login";
        }
        else if (area == "Members")
        {
            loginUrl = "~/Members/Login";
        }

        filterContext.Result = new RedirectResult(loginUrl + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
    }
}

Question 2

I don't know if you can make it work with configuration files in each folder. Use that solution if you can. If you can't, here's a custom action filter that you can use:

public class AreaAuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        string area = filterContext.RouteData.Values.ContainsKey("area") 
                        ? filterContext.RouteData.Values["area"].ToString()
                        : null;

        if (area == "Admin")
        {
            RouteValueDictionary routeValues = new RouteValueDictionary 
            {
                {"controller" , "Login"},
                {"action" , "Index"},
                {"area" , "Admin"}
             };

            filterContext.Result = new RedirectToRouteResult("AdminAreaRoute", routeValues);
        }
        else if (area == "User")
        {
            RouteValueDictionary routeValues = new RouteValueDictionary 
            {
                {"controller" , "Login"},
                {"action" , "Index"},
                {"area" , "User"}
            };

            filterContext.Result = new RedirectToRouteResult("UserAreaRoute", routeValues);
        }

        base.HandleUnauthorizedRequest(filterContext);
    }
}

You may need to fix route names, I can't remember if ASP.NET MVC generated a route for each area. Then you can use it like this:

[AreaAuthorize]
public ViewResult Index()
{
    return View("Index");
}