Not sure if this is a good question but thought I'll ask..

I've develop a VB.NET application that we now want to move to the web.  And, I am amazed on the restriction of the web development in ASP.NET.  

Actually, I am using the Website Navagation.  And using web.sitemap.  It appears a really nice feature with the web.config and all.  However, I was thinking if I have someone log in.  I would like the webcontrol.menu to show differently based on who signs in.

For example, I want the Administrator to see following links in the menu:

Admin | Employees | Managers | Guests

And, the Employees to see:

Employees | Guests

And managers to see:

Employees | Managers | Guests

And the Guests will only see:

Guests

Is there a way I could manage the menu based on who signed in?  

Any suggestions on how to do it or what to do?

Thank you,

SLC Tech
SLCTechAsked:
Who is Participating?
 
TornadoVConnect With a Mentor Commented:
You can put the following in your web.config:

<location path="admin.aspx">
   <system.web>
         <authorization>
      <allow roles="admins"/>
      <deny users="*"/>
         </authorization>
   </system.web>
</location>

<location path="employees.aspx">
   <system.web>
         <authorization>
      <allow roles="admin,managers,employees"/>
      <deny users="*"/>
         </authorization>
   </system.web>
</location>

etc.

Basically you can restrict access to the specific page(s) by modifying web.config sections and specifying roles that are allowed to have access.
0
 
SLCTechAuthor Commented:
Are you saying there is no way the web.sitemap can control the webcontrol.menu from inside the page to have a navagation based on the roles?  I do not want to create so many pages just to modify the navagation of the site.

SLC Tech
0
 
TornadoVCommented:
No, I am not saying that, on a contrary web.sitemap controls any/all navigation controls on the page if it is selected as their datasource.

If web.sitemap is a datasource for your menu control and you have applied access rules then all authenticated users will only see links based on their roles.  I don't think you would want just to hide links from the menu; you might also want to restrict access to the pages that hidden links are pointing to.  If you simply remove a link to your 'admin.aspx' from navigation menu it will not stop a 'Guest' user from simply typing the URL in the address bar.
0
 
TornadoVCommented:
Are you trying to implement Site-Map Security Trimming?  Here is a good article: http://msdn2.microsoft.com/en-US/library/ms178429.aspx
0
 
SLCTechAuthor Commented:
Wow your right.  I didn't see that one till I ran the script.

Thank you very much.

SLC Tech
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.