I have two separate login pages for edit mode and front end users for my commerce site. Currently, front end users cannot get to the backend CMS, which I achieve by allowing roles on the location path as below.
<location path="EPiServer/CMS/admin">
  <system.web>
    <authorization>
      <allow roles="WebAdmins, Administrators" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
However, backend users (WebAdmins, admin and WebEditors) can log in to the commerce part. I cannot even use the same allow roles as above for the frontend, as it should be accessible even when not logged in. I am using Identity to authenticate and User.Identity.IsAuthenticated to check authentication. IsAuthenticated is true for both backend and frontend users when logged in from their respective login screen. How can I avoid this?
As the pages should be visible to everyone, I'm assuming it's not an issue that the CMS users can see the pages on the site and that the issue is that they're seeing the logged-in state of the pages. What I'd suggest for this is to assign a role to all of the front-end users then, where you're currently checking whether the user is authenticated, check whether they're a member of that role as well.
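The role check suggested in the answer above, as an added example that is not part of the original thread. The role name `Customers` and the helper `IsStorefrontUser` are assumptions made up for illustration, and the principals are constructed in code rather than produced by a real sign-in.

```csharp
using System;
using System.Security.Claims;
using System.Security.Principal;

public static class StorefrontPrincipalExtensions
{
    // Assumption: a role created for this example and granted to every
    // front-end account at registration. It is not a built-in role.
    public const string FrontEndRole = "Customers";

    // Call this in storefront views and controllers wherever the code
    // currently tests User.Identity.IsAuthenticated on its own.
    public static bool IsStorefrontUser(this IPrincipal user)
    {
        return user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated
            && user.IsInRole(FrontEndRole);
    }
}

public static class Demo
{
    // Constructed principal: a non-empty authentication type makes
    // IsAuthenticated true, as it is after a cookie sign-in.
    private static ClaimsPrincipal SignedIn(string name, params string[] roles)
    {
        var identity = new ClaimsIdentity("ApplicationCookie");
        identity.AddClaim(new Claim(ClaimTypes.Name, name));
        foreach (var role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        var users = new[]
        {
            new ClaimsPrincipal(new ClaimsIdentity()),      // anonymous visitor
            SignedIn("editor", "WebEditors"),               // back-end login
            SignedIn("shopper", StorefrontPrincipalExtensions.FrontEndRole),
            SignedIn("admin-who-shops", "Administrators",
                     StorefrontPrincipalExtensions.FrontEndRole)
        };
        foreach (var user in users)
            Console.WriteLine("{0,-16} IsAuthenticated={1,-5} IsStorefrontUser={2}",
                user.Identity.Name ?? "(anonymous)",
                user.Identity.IsAuthenticated,
                user.IsStorefrontUser());
    }
}
```

The back-end editor is authenticated but fails the storefront check, so the public pages render for that account exactly as they do for an anonymous visitor.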
You can follow the pattern that is used by Quicksilver, i.e. having a shared login page. If an administrator logs in, then he/she can see the quick menu and can access the protected path. A normal user can be logged in without seeing the quick menu, and if he or she tries to access a protected path then he or she will be asked to log in again. IMO that works quite well and it can hide your implementation details from your end users, which is probably a good thing.