I want to use two different login procedures depending on the page that is being requested. For example: If the user is not logged in and accesses /admin or /edit I want the usual Episerver login to appear. If the user tries to open any other page I want an own login page to appear. What I did: I created a LoginWrapper.aspx that reads the parameters and redirects to either /util/login.aspx or /myownlogin.aspx depending on the ReturnUrl parameter. Of course sending the ReturnUrl. The problem: I'm getting a HTTP 400 Bad Request error when accessing /util/login.aspx through this redirect. I guess that LoginBase doesn't allow redirects. My solution: I change /templates/login.aspx to not inherit from LoginBase and use EPiServer.Util.LoginBase.HandleFormsLogin(Username.Text, Password.Text, this.PersistCookie.Checked) instead of HandleLogin() My question: Is this a bad idea in terms of security? /René