Solved

hide nodes according to roles

Posted on 2008-06-25
7
902 Views
Last Modified: 2013-11-07
good day experts,
I am using the asp.net sitemap control and I have enable the security trimming. It half way works, it shows 5 links for everybody and 4 extra links when members are logged in. But, when I assigned one node to be only acces by a superAdmin role it is still visible to everybody.

I'll attach my code to see if you can give me a hand with restricting my menu

thanks,

my menu
============
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="default.aspx" title="HOME"  description="home">
        <siteMapNode url="about.aspx" title="ABOUT"  description="about" />
        <siteMapNode url="details.aspx" title="DETAILS"  description="details" />
        <siteMapNode url="news.aspx" title="NEWS"  description="news" />
        <siteMapNode url="projects.aspx" title="PROJECTS"  description="projects" />
        <siteMapNode url="contact.aspx" title="CONTACT"  description="contact" />
      <siteMapNode url="admin/addCollection.aspx" title="ADD COLLECTION"  description="add collection" roles="Admin" />
      <siteMapNode url="admin/addPhoto.aspx" title="ADD PHOTO"  description="add photo" roles="Admin" />
      <siteMapNode url="admin/collections.aspx" title="COLLECTIONS"  description="collections" roles="Admin" />
      <siteMapNode url="admin/admin.aspx" title="ADMIN" description="admin" roles="SuperAdmin" />
    </siteMapNode>
</siteMap>
 
==================
web.config file
=====================
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider "
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true" />
      </providers>
    </siteMap>

Open in new window

0
Comment
Question by:vthunder70
  • 4
  • 3
7 Comments
 
LVL 11

Accepted Solution

by:
TornadoV earned 250 total points
ID: 21899152
Add the following to your web.config and it should do the trick:

<location path="admin/admin.aspx">
    <system.web>
         <authorization>
      <allow roles="SuperAdmin"/>
      <deny users="*"/>
         </authorization>
    </system.web>
</location>

Hope this helps
0
 

Author Comment

by:vthunder70
ID: 21899626
so do I have to that to every page?
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21899983
You have two options:

1. Do that for every page
2. Place all secured pages in a separate folder and create another web.config and place it in the above mentioned folder.

Hope this helps.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:vthunder70
ID: 21900063
Hi tornado,
All my files are in an admin folder, inside the admin folder i have webconfig file that restrics use to annonymous users and only allows Admin and SuperAdmin.

my menu doesn't show the link for this pages(which is good) unless you sign in. but the problems is once you sign in nomater who you are you get too see link that Admin and SuperAdmin are only suppose to see

so what I want, is for my menu to not show certain links unless you are admin or superAdmin, and if you are an admin you can't see the superAdmin links

know what I mean?
thanks a lot!
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900104
I understand exactly what you mean, adding location section to your web.config should help.  If you don't want to create a separate location section for every page that needs to be visible to SuperAdmin role members, then create a separate folder for SuperAdmin pages and create a new web.config.
0
 

Author Comment

by:vthunder70
ID: 21900503
oh really! :(

I was trying not to creat a lot folders.. oh well, I will try your suggestion tonight and get back to you.

thnaks a lot.

I also have another question if you are interested in possible getting more points =)
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_23511563.html
0
 
LVL 11

Expert Comment

by:TornadoV
ID: 21900549
I know, it's a pain in a neck, but your web app needs a way to know which pages to protect.

Thank you for the pointer, I will take a look.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now