Hi,

I have Treeview with Sitemap and roles security enabled site configured properly.  What I am simply trying to do is hide one URL link node based on roles I am not worried about the security on this page I just need to hide the link.  From my research I understand siteMapNode?s that don?t have URL?s must have roles assigned for it to be visible I also understand that the roles attribute on the siteMapNode doesn't restrict visibility it widens it to allow the node to be shown to a user of a role.

----------TEST 1 -------------------------------------------------------------------------------------------------------------------------------------------------------

In the web.config I have tried to add Locations path (see example below) but because of the querystring information those special characters are not allowed within the web.config file.

--Example of my Web.SiteMap

<siteMapNode url="" title="Appetizers" description="" roles="Admin,Store User" >

<siteMapNode url="~/Products/Category.aspx?cax=8&#38;scax=19" title="Hors d'oeuvres" description="" />

<siteMapNode url="~/Products/Category.aspx?cax=8&#38;scax=41" title="Dips &#38; Sauces" description="" />

</siteMapNode>

--Example of my Web.Config

<siteMap defaultProvider="default" enabled="true">

<providers>

<add name="default" type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>

</providers>

</siteMap>

--placed just below </system.web>

<location path="~/Products/Category.aspx?cax=8&#38;scax=41">

      <system.web>

            <authorization>

                  <deny users="Store User"/>

            </authorization>

      </system.web>

</location>

----------TEST 2 -------------------------------------------------------------------------------------------------------------------------------------------------------

With test 2 I have added only the admin role to try and hide Dips & Sauces Category from ?Store Users? this test did not work.  If I had child nodes under ?Dips & Sauces? those nodes would not be visible for ?Store User?. 

--Example of my Web.SiteMap

<siteMapNode url="" title="Appetizers" description="" roles="Admin,Store User" >

<siteMapNode url="~/Products/Category.aspx?cax=8&#38;scax=19" title="Hors d'oeuvres" description="" roles="Admin,Store User" />

<siteMapNode url="~/Products/Category.aspx?cax=8&#38;scax=41" title="Dips &#38; Sauces" description="" roles="Admin" />

</siteMapNode>

In conclusion I think the problem resides with the querystring urls and I can?t think of any other ways to fix this problem except build my own custom Treeview menu.

You're right in the assumption of query striongs - authorization only affects the base URL, not the query string. So site map entries that have the same base url all get the same authorization. The solution is not to write a treeview, but to write a custom site map provider, with custom authorization checking.

Read more on custom site maps in the provider toolkit (referenced from this blog post: http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx)

Dave

Did you manage to get around the problem with querystrings and roles?

 I'm experiencing the same problem...and don't want to duplicate .aspx pages for each of my querystrings