Solved

hide nodes according to roles

Posted on 2008-06-25
7
892 Views
Last Modified: 2013-11-07
good day experts,
I am using the asp.net sitemap control and I have enable the security trimming. It half way works, it shows 5 links for everybody and 4 extra links when members are logged in. But, when I assigned one node to be only acces by a superAdmin role it is still visible to everybody.

I'll attach my code to see if you can give me a hand with restricting my menu

thanks,

my menu

============

<?xml version="1.0" encoding="utf-8" ?>

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >

    <siteMapNode url="default.aspx" title="HOME"  description="home">

        <siteMapNode url="about.aspx" title="ABOUT"  description="about" />

        <siteMapNode url="details.aspx" title="DETAILS"  description="details" />

        <siteMapNode url="news.aspx" title="NEWS"  description="news" />

        <siteMapNode url="projects.aspx" title="PROJECTS"  description="projects" />

        <siteMapNode url="contact.aspx" title="CONTACT"  description="contact" />

      <siteMapNode url="admin/addCollection.aspx" title="ADD COLLECTION"  description="add collection" roles="Admin" />

      <siteMapNode url="admin/addPhoto.aspx" title="ADD PHOTO"  description="add photo" roles="Admin" />

      <siteMapNode url="admin/collections.aspx" title="COLLECTIONS"  description="collections" roles="Admin" />

      <siteMapNode url="admin/admin.aspx" title="ADMIN" description="admin" roles="SuperAdmin" />

    </siteMapNode>

</siteMap>

 

==================

web.config file

=====================

  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">

      <providers>

        <add name="XmlSiteMapProvider"

          description="Default SiteMap provider."

          type="System.Web.XmlSiteMapProvider "

          siteMapFile="Web.sitemap"

          securityTrimmingEnabled="true" />

      </providers>

    </siteMap>

Open in new window

0
Comment
Question by:vthunder70
  • 4
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
TornadoV earned 250 total points
ID: 21899152
Add the following to your web.config and it should do the trick:

<location path="admin/admin.aspx">
    <system.web>
         <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
         </authorization>
    </system.web>
</location>

Hope this helps
0
 

Author Comment

by:vthunder70
ID: 21899626
so do I have to that to every page?
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21899983
You have two options:

1. Do that for every page
2. Place all secured pages in a separate folder and create another web.config and place it in the above mentioned folder.

Hope this helps.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:vthunder70
ID: 21900063
Hi tornado,
All my files are in an admin folder, inside the admin folder i have webconfig file that restrics use to annonymous users and only allows Admin and SuperAdmin.

my menu doesn't show the link for this pages(which is good) unless you sign in. but the problems is once you sign in nomater who you are you get too see link that Admin and SuperAdmin are only suppose to see

so what I want, is for my menu to not show certain links unless you are admin or superAdmin, and if you are an admin you can't see the superAdmin links

know what I mean?
thanks a lot!
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900104
I understand exactly what you mean, adding location section to your web.config should help.  If you don't want to create a separate location section for every page that needs to be visible to SuperAdmin role members, then create a separate folder for SuperAdmin pages and create a new web.config.
0
 

Author Comment

by:vthunder70
ID: 21900503
oh really! :(

I was trying not to creat a lot folders.. oh well, I will try your suggestion tonight and get back to you.

thnaks a lot.

I also have another question if you are interested in possible getting more points =)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_23511563.html
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900549
I know, it's a pain in a neck, but your web app needs a way to know which pages to protect.

Thank you for the pointer, I will take a look.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now