Solved

hide nodes according to roles

Posted on 2008-06-25
7
914 Views
Last Modified: 2013-11-07
good day experts,
I am using the asp.net sitemap control and I have enable the security trimming. It half way works, it shows 5 links for everybody and 4 extra links when members are logged in. But, when I assigned one node to be only acces by a superAdmin role it is still visible to everybody.

I'll attach my code to see if you can give me a hand with restricting my menu

thanks,

my menu
============
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="default.aspx" title="HOME"  description="home">
        <siteMapNode url="about.aspx" title="ABOUT"  description="about" />
        <siteMapNode url="details.aspx" title="DETAILS"  description="details" />
        <siteMapNode url="news.aspx" title="NEWS"  description="news" />
        <siteMapNode url="projects.aspx" title="PROJECTS"  description="projects" />
        <siteMapNode url="contact.aspx" title="CONTACT"  description="contact" />
      <siteMapNode url="admin/addCollection.aspx" title="ADD COLLECTION"  description="add collection" roles="Admin" />
      <siteMapNode url="admin/addPhoto.aspx" title="ADD PHOTO"  description="add photo" roles="Admin" />
      <siteMapNode url="admin/collections.aspx" title="COLLECTIONS"  description="collections" roles="Admin" />
      <siteMapNode url="admin/admin.aspx" title="ADMIN" description="admin" roles="SuperAdmin" />
    </siteMapNode>
</siteMap>
 
==================
web.config file
=====================
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider "
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

Open in new window

0
Comment
Question by:vthunder70
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
TornadoV earned 250 total points
ID: 21899152
Add the following to your web.config and it should do the trick:

<location path="admin/admin.aspx">
    <system.web>
         <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
         </authorization>
    </system.web>
</location>

Hope this helps
0
 

Author Comment

by:vthunder70
ID: 21899626
so do I have to that to every page?
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21899983
You have two options:

1. Do that for every page
2. Place all secured pages in a separate folder and create another web.config and place it in the above mentioned folder.

Hope this helps.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:vthunder70
ID: 21900063
Hi tornado,
All my files are in an admin folder, inside the admin folder i have webconfig file that restrics use to annonymous users and only allows Admin and SuperAdmin.

my menu doesn't show the link for this pages(which is good) unless you sign in. but the problems is once you sign in nomater who you are you get too see link that Admin and SuperAdmin are only suppose to see

so what I want, is for my menu to not show certain links unless you are admin or superAdmin, and if you are an admin you can't see the superAdmin links

know what I mean?
thanks a lot!
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900104
I understand exactly what you mean, adding location section to your web.config should help.  If you don't want to create a separate location section for every page that needs to be visible to SuperAdmin role members, then create a separate folder for SuperAdmin pages and create a new web.config.
0
 

Author Comment

by:vthunder70
ID: 21900503
oh really! :(

I was trying not to creat a lot folders.. oh well, I will try your suggestion tonight and get back to you.

thnaks a lot.

I also have another question if you are interested in possible getting more points =)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_23511563.html
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900549
I know, it's a pain in a neck, but your web app needs a way to know which pages to protect.

Thank you for the pointer, I will take a look.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question