I have two separate login pages for edit mode and front end users for my commerce site. Currently, front end users cannot go to backend CMS by allowing roles to location path as below.
<location path="EPiServer/CMS/admin"><system.web><authorization><allow roles="WebAdmins, Administrators" /><deny users="*" /></authorization></system.web></location>
However, backend users(webadmins, admin and WedEditors) can log in to commerce part. I cannot even use same allow roles as above for frontend as it should be accessible even when not logged in. I am using identity to authenticate and User.Identity.IsAuthenticated to check authentication. IsAuthenticated is true for both backend and frontend users when logged from respective login screen. How to avoid this?