• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 942
  • Last Modified:

hide nodes according to roles

good day experts,
I am using the asp.net sitemap control and I have enable the security trimming. It half way works, it shows 5 links for everybody and 4 extra links when members are logged in. But, when I assigned one node to be only acces by a superAdmin role it is still visible to everybody.

I'll attach my code to see if you can give me a hand with restricting my menu

thanks,

my menu
============
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="default.aspx" title="HOME"  description="home">
        <siteMapNode url="about.aspx" title="ABOUT"  description="about" />
        <siteMapNode url="details.aspx" title="DETAILS"  description="details" />
        <siteMapNode url="news.aspx" title="NEWS"  description="news" />
        <siteMapNode url="projects.aspx" title="PROJECTS"  description="projects" />
        <siteMapNode url="contact.aspx" title="CONTACT"  description="contact" />
      <siteMapNode url="admin/addCollection.aspx" title="ADD COLLECTION"  description="add collection" roles="Admin" />
      <siteMapNode url="admin/addPhoto.aspx" title="ADD PHOTO"  description="add photo" roles="Admin" />
      <siteMapNode url="admin/collections.aspx" title="COLLECTIONS"  description="collections" roles="Admin" />
      <siteMapNode url="admin/admin.aspx" title="ADMIN" description="admin" roles="SuperAdmin" />
    </siteMapNode>
</siteMap>
 
==================
web.config file
=====================
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider "
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

Open in new window

0
vthunder70
Asked:
vthunder70
  • 4
  • 3
1 Solution
 
TornadoVCommented:
Add the following to your web.config and it should do the trick:

<location path="admin/admin.aspx">
    <system.web>
         <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
         </authorization>
    </system.web>
</location>

Hope this helps
0
 
vthunder70Author Commented:
so do I have to that to every page?
0
 
TornadoVCommented:
You have two options:

1. Do that for every page
2. Place all secured pages in a separate folder and create another web.config and place it in the above mentioned folder.

Hope this helps.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
vthunder70Author Commented:
Hi tornado,
All my files are in an admin folder, inside the admin folder i have webconfig file that restrics use to annonymous users and only allows Admin and SuperAdmin.

my menu doesn't show the link for this pages(which is good) unless you sign in. but the problems is once you sign in nomater who you are you get too see link that Admin and SuperAdmin are only suppose to see

so what I want, is for my menu to not show certain links unless you are admin or superAdmin, and if you are an admin you can't see the superAdmin links

know what I mean?
thanks a lot!
0
 
TornadoVCommented:
I understand exactly what you mean, adding location section to your web.config should help.  If you don't want to create a separate location section for every page that needs to be visible to SuperAdmin role members, then create a separate folder for SuperAdmin pages and create a new web.config.
0
 
vthunder70Author Commented:
oh really! :(

I was trying not to creat a lot folders.. oh well, I will try your suggestion tonight and get back to you.

thnaks a lot.

I also have another question if you are interested in possible getting more points =)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_23511563.html
0
 
TornadoVCommented:
I know, it's a pain in a neck, but your web app needs a way to know which pages to protect.

Thank you for the pointer, I will take a look.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now