Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

hide nodes according to roles

Posted on 2008-06-25
7
Medium Priority
?
928 Views
Last Modified: 2013-11-07
good day experts,
I am using the asp.net sitemap control and I have enable the security trimming. It half way works, it shows 5 links for everybody and 4 extra links when members are logged in. But, when I assigned one node to be only acces by a superAdmin role it is still visible to everybody.

I'll attach my code to see if you can give me a hand with restricting my menu

thanks,

my menu
============
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="default.aspx" title="HOME"  description="home">
        <siteMapNode url="about.aspx" title="ABOUT"  description="about" />
        <siteMapNode url="details.aspx" title="DETAILS"  description="details" />
        <siteMapNode url="news.aspx" title="NEWS"  description="news" />
        <siteMapNode url="projects.aspx" title="PROJECTS"  description="projects" />
        <siteMapNode url="contact.aspx" title="CONTACT"  description="contact" />
      <siteMapNode url="admin/addCollection.aspx" title="ADD COLLECTION"  description="add collection" roles="Admin" />
      <siteMapNode url="admin/addPhoto.aspx" title="ADD PHOTO"  description="add photo" roles="Admin" />
      <siteMapNode url="admin/collections.aspx" title="COLLECTIONS"  description="collections" roles="Admin" />
      <siteMapNode url="admin/admin.aspx" title="ADMIN" description="admin" roles="SuperAdmin" />
    </siteMapNode>
</siteMap>
 
==================
web.config file
=====================
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider "
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

Open in new window

0
Comment
Question by:vthunder70
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
TornadoV earned 1000 total points
ID: 21899152
Add the following to your web.config and it should do the trick:

<location path="admin/admin.aspx">
    <system.web>
         <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
         </authorization>
    </system.web>
</location>

Hope this helps
0
 

Author Comment

by:vthunder70
ID: 21899626
so do I have to that to every page?
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21899983
You have two options:

1. Do that for every page
2. Place all secured pages in a separate folder and create another web.config and place it in the above mentioned folder.

Hope this helps.
0
Basic Security of Your VPC

So, you’ve got this shiny new VPC and a fancy new application configured on your EC2 servers ready to go. This application is only accessible from your computer, which is great for security, but you need your users to be able to access it! So, what’s the easiest way to do this?

 

Author Comment

by:vthunder70
ID: 21900063
Hi tornado,
All my files are in an admin folder, inside the admin folder i have webconfig file that restrics use to annonymous users and only allows Admin and SuperAdmin.

my menu doesn't show the link for this pages(which is good) unless you sign in. but the problems is once you sign in nomater who you are you get too see link that Admin and SuperAdmin are only suppose to see

so what I want, is for my menu to not show certain links unless you are admin or superAdmin, and if you are an admin you can't see the superAdmin links

know what I mean?
thanks a lot!
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900104
I understand exactly what you mean, adding location section to your web.config should help.  If you don't want to create a separate location section for every page that needs to be visible to SuperAdmin role members, then create a separate folder for SuperAdmin pages and create a new web.config.
0
 

Author Comment

by:vthunder70
ID: 21900503
oh really! :(

I was trying not to creat a lot folders.. oh well, I will try your suggestion tonight and get back to you.

thnaks a lot.

I also have another question if you are interested in possible getting more points =)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_23511563.html
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900549
I know, it's a pain in a neck, but your web app needs a way to know which pages to protect.

Thank you for the pointer, I will take a look.
0

Featured Post

Understanding Linux Permissions

Linux for beginners: How to view the permissions associated with files and directories and also how you can change them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question