CodeVerge.Net Beta


   Explore    Item Entry   Register  Login  
Microsoft News
Asp.Net Forums
IBM Software
Borland Forums
Adobe Forums
Novell Forums




Can Reply:  No Members Can Edit: No Online: Yes
Zone: > NEWSGROUP > Asp.Net Forum > general_asp.net.master_pages_themes_and_navigation_controls Tags:
Item Type: NewsGroup Date Entered: 4/10/2006 10:20:36 PM Date Modified: Subscribers: 0 Subscribe Alert
Rate It:
NR
XPoints: N/A Replies: 3 Views: 37 Favorited: 0 Favorite
4 Items, 1 Pages 1 |< << Go >> >|
divitiae
Asp.Net User
hiding specific siteMapNodes based on roles4/10/2006 10:20:36 PM

0

Here's what I have:

 

web.config:

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
          description="Default SiteMap provider."
          type="System.Web.XmlSiteMapProvider"
          siteMapFile="Web.sitemap"
          securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>

web.sitemap:

<siteMap>
    <siteMapNode url="~/default.aspx" title="Home" description="Home Page" roles="*">
      <siteMapNode url="~/customer/owsSummaryInsured.aspx" title="Summary" description="Insured Summary" roles="Customer" />
      <siteMapNode url="~/customer/owsPoliciesInsured.aspx" title="Policies" description="Current Policies Applie to an Insured" roles="Customer" />
      <siteMapNode url="~/customer/owsVehiclesInsured.aspx" title="Vehicles" description="Insured Vehicles" roles="Customer" />
      <siteMapNode url="~/customer/owsDriversInsured.aspx" title="Drivers" description="Insured Drivers" roles="Customer" />
      <siteMapNode url="~/customer/owsBillingInsured.aspx" title="Billing" description="Insured Billing Statement" roles="Customer" />
      <siteMapNode url="~/customer/owssuggestions.aspx" title="Suggestion" description="Suggestion Form" roles="Customer" />
      <siteMapNode url="~/shared/Documents.aspx?doctype=dynamic&perpolicy=yes" title="Policy Documents" description="Policy Documents" roles="Customer"/>

      <siteMapNode url="~/broker/owsListPolicies.aspx" title="Policies" description="List of Policies" roles="Broker" />
      <siteMapNode url="~/broker/owsSearch.aspx" title="Search" description="Search Option" roles="Broker" />
      <siteMapNode url="~/shared/Documents.aspx?doctype=static" title="Forms" description="Available Broker Forms" roles="Broker" />
      <siteMapNode url="~/shared/Documents.aspx?doctype=dynamic" title="Documents" description="Brokers Documents" roles="Broker" />
      <siteMapNode url="~/broker/owsSuppliesBroker.aspx" title="Supplies" description="Supplies for Brokers" roles="Broker" />
      <siteMapNode url="~/broker/owsSuggestions.aspx" title="Suggestion" description="Suggestion Form" roles="Broker" />
      <siteMapNode url="~/broker/owsCommissionStatements.aspx" title="Statements" description="Commission Statement" roles="Broker" />
      <siteMapNode url="~/broker/Permissions.aspx" title="User Permissions" description="User Permissions" roles="Broker" />
    </siteMapNode>
</siteMap>

My roles are set up so that customers and only customers have access to the customers folder, brokers and only brokers have access to the brokers folder, and customers and brokers have access to the shared folder.

Right now, the only "shared" page they have access to is the "documents" page.  But, brokers have two ways to access the page, customers have 1 (specified through query string).  Because the shared folder is available to both, all three documents.aspx siteMapNodes are showing up in the event of BOTH logins.

I know it doesn't work this way, but is there a(n easy way) to have it show only those with roles specifically specified in the web.sitemap instead of the way it works now.

Thanks in advance!
Torben71
Asp.Net User
Re: hiding specific siteMapNodes based on roles4/11/2006 6:30:02 AM

0

Hello

I don't know if i'm wrong, but if I should make the solution I would build up the Web.sitemap after the login auth. I would extract the sitemap.nodes from a database and build up the web.sitemap dynamically . This would also be an easy way to maintaince the web.sitemap.

Take a look at the solution here: http://www.codeproject.com/aspnet/DynamicSiteMapPath.asp

Ofcourse you must alter the tables in the database (e.g put in a role column) and change the select statement to something like:

SELECT * FROM <table> where <role> = user.role ORDER BY <field>
dannychen
Asp.Net User
Re: hiding specific siteMapNodes based on roles4/12/2006 9:50:42 PM

0

This is quite an interesting situation.  There are a couple ways to fix this but I think the lowest impact would be alias those files with urlMappings. 

If you added something like:

<urlMappings>
  <add url="~/broker/staticdocument.aspx" mappedUrl="~/shared/Documents.aspx?doctype=static" />
</urlMappings>

And then in web.sitemap you would do instead:

<siteMapNode url="~/broker/staticdocument.aspx" title="Forms" ... />

Then, the security trimming would trim this document as if it was under the ~/broker/ area but it would actually link to the shared document.

Would that work for you?

--
Danny

disclaimer: Information provided is 'as is' and conveys no warranties or guarantees.
divitiae
Asp.Net User
Re: hiding specific siteMapNodes based on roles4/17/2006 4:09:04 PM

0

Great!  Thanks Danny, that's a great idea, should work well without a lot of impact.
4 Items, 1 Pages 1 |< << Go >> >|


Free Download:

Books:
Beginning ASP.NET 3.5: In C# and VB Authors: Imar Spaanjaars, Pages: 734, Published: 2008
Core Internet application development with ASP.NET 2.0 Authors: Randy Connolly, Pages: 1049, Published: 2007
Essential ASP .NET 2.0 Authors: Fritz Onion, Keith Brown, Pages: 345, Published: 2007
PROFESSIONAL ASP.NET 2.0 SECURITY,MEMBERSHIP, & ROLE MANAGEMENT Authors: Stefan Schackow, Pages: 612, Published: 2006
Pro ASP.NET 2.0 in C# 2005 Authors: Matthew MacDonald, Mario Szpuszta, Pages: 1464, Published: 2006

Web:
Hide menu nodes based on roles : asp.net Oct 17, 2008 ... The bondsman and bountyhunter nodes go to sections of the site that ... Keywords: Hide menu nodes based on roles ... Development; Firewalls; Industry Specific; Internet / Email; Message Queue ...
asp.net menu with role-based sub-menus : ASP.NET, Visual Studio ... Feb 26, 2009 ... I just want to display/hide certain submenus when needed. Question Stats ... Database; Development; Firewalls; Industry Specific; Internet / Email; Message Queue ... Use sitemap and associate roles for sitemap nodes. ...
SiteMapNodes visible by roles - ASP.NET Forums First of all, to prune nodes in the sitemap based upon the user's ... The roles attribute in the web.sitemap is not to hide nodes, but to show nodes. ... Only visible to a specific retailer, hidden for everyone else ...
Security Best Practices Feature of site map providers; Varies navigation UI based on roles .... The controls create browser-specific code so that users with client-side ... " Security trimming" refers to a site map provider's ability to hide nodes ... Authorization is role-based and is enacted by including roles attributes in < siteMapNode> ...
how to give access to specific users for a sub sub page - ASP.NET ... < siteMapNode ... I t was not hiding the page that i don't want to show to everyone. ... MCP - Web Based Client Development .NET 2.0 ...

Pass data from master page to other pages - ng.asp-net-forum ... Programmatically Impersonate Specific User ... pass data from master page to other pages · hiding specific sitemapnodes based on roles . ...
Loop through Master Page Controls - ng.asp-net-forum ... hiding specific sitemapnodes based on roles · master pages - good and bad? asp. net 2.0 menu control does not work if id starts with an underscore ...
How to turn off validation? - ng.asp-net-forum ... hiding specific sitemapnodes based on roles · treeview event handler on content page · could not find 'contentholder' in current master page or pages ...












digital certificates

creating/setting file folder permissions

login control erroring on live server and not local

web service calling unix script - security between the two?

adding a regularexpressionvalidator to login control

membership and window authentication

accessing the 'user' class from my own class? (vb.net)

insuring ssl is used

forms authentication and impersonation problem

deployment of azman authorization store

formslogin/impersonation/acl examples?

integrated windows authentication always prompting for credentials

co-existence of windows and forms authentication in one asp.net 2.0 application

getting logged in user in active directory

how do i access sys.services.authenticationservice.login from an html page?

login control not working

error on building the application that uses form authentication.

any event triggered upon user activation?

some advice needed to carry on

getting error when trying to implement membership : "there is a problem with your selected data store. "

form authentication

how to give permission to each user??

which parts of a page are unencrypted?

asp.net worker process under windows server 2003 / iis 6.0 in iis 5.0 isolation mode

redirecting back to original page after login or register

permission denied on .dll

com control as part of a custom provider ?

need help in passing loginname to sql server db

windows authentication domain

help, i think i am lossing the battle and even losing the war.
 
Search This Site:

 
  Privacy | Contact Us
All Times Are GMT