Actually, while this article provides code that
works, it is based on an incorrect assumption and one that has been covered
several times in this forum. The roles attribute on the siteMapNode does NOT
restrict node visibility based upon the role, it actually makes the node
visible. Node visibility is controlled by the authorization section of
web.config, either globally, or individually with location tags.
Using authorization this way, which is not just
roles as it can be user based, secures pages. A secured page will not be
accessible, whether accessed directly or seen via the sitemap. The sitemap
providers (which the SiteMapDataSource control uses) will not show nodes if the
user isn't authenticated for that node. So if you use a TreeViewfor navigation
then you get this feature automatically.
The use of the roles attribute on a SiteMapNode
allows for the node to be visible on a menu control (Menu or TreeView), even if
the user isn't authorized to access the page. Trying to access the page will
redirect you to the login page.
Dave
Yep,
roles.
http://www..codeproject.com/aspnet/aspnet2security.asp This
is a good article on extending the use of roles in choosing which of your
sitemap elements you want visible to whom. I am however making the
assumption you are using the sitemap for your treeview. You can make
other sitemaps and register them in the web.config for special case use if you
like as well.
HTH,
Aaron
http://forums.asp.net/1082251/ShowPost.aspx#1082377