Solved

Site Map Data source

Posted on 2007-11-16
5
203 Views
Last Modified: 2013-11-07
When I setup my sitemap in asp.net, how can I define within the site map that this particular menu should only be displayed if the person is logged in?

And in roles="*", what are the other possible values? How does that work?
0
Comment
Question by:BobCSD
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
McExp earned 500 total points
ID: 20300610
you would need to use Membership to control what the user has access to and then the SiteMap Menu will be security trimmed acordingly.

See the extract below from my web.config

      <location path="admin/Gallery">
            <system.web>
                  <authorization>
                        <allow roles="adminPhotos"/>
                        <deny users="*"/>
                  </authorization>
            </system.web>
      </location>

The above will only allow users who are in the role adminPhotos access to the area ~/admin/Gallery. All other things in the site (asp:Menu etc) will automatically security trim.
0
 
LVL 16

Expert Comment

by:McExp
ID: 20300634
How are your users logging into the site do you use Forms Auth?

I should have said you need to use Membership and RolesProviders and a Secured SiteMap, see bellow for another snip from my web.config

            <membership defaultProvider="AccessMembershipProvider">
                  <providers>
                        <clear/>
                        <add name="AccessMembershipProvider" type="Samples.AccessProviders.AccessMembershipProvider" connectionStringName="ASPNetDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresUniqueEmail="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" applicationName="RAdmin" hashAlgorithmType="SHA1" passwordFormat="Hashed"/>
                  </providers>
            </membership>
            <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="AccessRoleProvider">
                  <providers>
                        <add connectionStringName="ASPNetDB" applicationName="RedsAdmin" name="AccessRoleProvider" type="Samples.AccessProviders.AccessRoleProvider"/>
                  </providers>
            </roleManager>
            <siteMap enabled="true" defaultProvider="SecuredSiteMapProvider">
                  <providers>
                        <clear/>
                        <add name="SecuredSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider " siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
                  </providers>
            </siteMap>

As you can see I use the Access provider, if you are using Sql Server your code will differ slightly. However the concert still applies.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 20301490
well, I guess I'll have to take your word for it, since I can't test it at this point. :)

thanks!
0
 
LVL 16

Expert Comment

by:McExp
ID: 20301650
As an alternative to this you can show/hide menu items in the Databound event of the asp:menu. in this you can use "User.Identity.IsAuthenticated" and you wouldn't need any of what I have suggested above. If you need more info, ask and I'll find the solution I have provided to others before.
0
 
LVL 1

Author Comment

by:BobCSD
ID: 20302230
Okay, I"ll open a new question. thanks!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now