can someone explain me why this does not work?

Chris

Hi,

I have a problem with sitemap combined with role. I posted in the
professional group but i reformulated here and made the things simplier: I
tried a lot of things, read a lot of stuff, but it's still unsolved.

there are two defined users: user1 and user2
there is one role: manager
user1 belongs to the role manager; user2 not.

there are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is only reserved for role manager (user1)
page2.aspx and page3.aspx is for all users.

the sitemap is:
-------------
<siteMapNode url="page1.aspx " title="pg1" roles="manager" >
<siteMapNode url="page2.aspx " title="pg2" roles="*" >
</siteMapNode>
<siteMapNode url="page3.aspx " title="pg3" roles="*" >
</siteMapNode>
</siteMapNode>

i read somewhere on internet this:
"If the current user is in a role specified in the node's Roles property, or
if Roles is "*", the node is returned. "
"If the current user is not in a role specified in the node's Roles
property, then a URL authorization check is performed to determine whether
the user has access to the node's URL. If the answer is yes, the node is
returned. "

so i put a URL authorization in the web.config:
-----------------------------------------------------------------

<configuratio n xmlns="http://schemas.microso ft.com/.NetConfigurati on/v2.0">
<appSettings/>
<connectionStri ngs/>

<system.web>
<roleManager enabled="true" />
</system.web>

<location path="page1.asp x">
<system.web>
<authorizatio n>
<deny users="*" />
</authorization>
</system.web>
</location>

<system.web>

<compilation debug="false" strict="false" explicit="true" />
<pages>
<namespaces>
<clear />
<add namespace="Syst em" />
.......
..........
</namespaces>
</pages>

<authenticati on mode="Forms" />

<siteMap defaultProvider ="AspXmlSiteMap Provider" enabled="true">
<providers>
<clear/>
<add name="AspXmlSit eMapProvider"
type="System.We b.XmlSiteMapPro vider, System.Web, Version=2.0.360 0.0,

Culture=neutral , PublicKeyToken= b03f5f7f11d50a3 a"
siteMapFile="we b.sitemap" securityTrimmin gEnabled="true"/>
</providers>
</siteMap>
</system.web>
</configuration>

When logging as user1, i see the three pages (that's ok).
When logging with user2, i see nothing.

Because user2 is not in the role for page1, the Url authorization takes
place and this page1 is hidden, but why the two others? there are roles="*"
on each line in web.sitemap.

Later,I added this in web.config for testing: but this gives exactly the
same: user1 sees all 3 pages, user2 nothing!

<location path="page2.asp x">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>

Thanks for explanation
Chris

Jun 20 '07 #1

Subscribe Reply

1242

Chris

I thought this would be a challenge for some 'expert' guys ..
But i found it finally ...
page1 is parent of the others, so the others are also hidden.
thanks.
"Chris" <cc@dd.ddschree f in bericht
news:us******** ********@TK2MSF TNGP03.phx.gbl. ..

Hi,

I have a problem with sitemap combined with role. I posted in the
professional group but i reformulated here and made the things simplier: I
tried a lot of things, read a lot of stuff, but it's still unsolved.

there are two defined users: user1 and user2
there is one role: manager
user1 belongs to the role manager; user2 not.

there are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is only reserved for role manager (user1)
page2.aspx and page3.aspx is for all users.

the sitemap is:
-------------
<siteMapNode url="page1.aspx " title="pg1" roles="manager" >
<siteMapNode url="page2.aspx " title="pg2" roles="*" >
</siteMapNode>
<siteMapNode url="page3.aspx " title="pg3" roles="*" >
</siteMapNode>
</siteMapNode>

i read somewhere on internet this:
"If the current user is in a role specified in the node's Roles property,
or if Roles is "*", the node is returned. "
"If the current user is not in a role specified in the node's Roles
property, then a URL authorization check is performed to determine whether
the user has access to the node's URL. If the answer is yes, the node is
returned. "

so i put a URL authorization in the web.config:
-----------------------------------------------------------------

<configuratio n
xmlns="http://schemas.microso ft.com/.NetConfigurati on/v2.0">
<appSettings/>
<connectionStri ngs/>

<system.web>
<roleManager enabled="true" />
</system.web>

<location path="page1.asp x">
<system.web>
<authorizatio n>
<deny users="*" />
</authorization>
</system.web>
</location>

<system.web>

<compilation debug="false" strict="false" explicit="true" />
<pages>
<namespaces>
<clear />
<add namespace="Syst em" />
.......
.........
</namespaces>
</pages>

<authenticati on mode="Forms" />

<siteMap defaultProvider ="AspXmlSiteMap Provider" enabled="true">
<providers>
<clear/>
<add name="AspXmlSit eMapProvider"
type="System.We b.XmlSiteMapPro vider, System.Web, Version=2.0.360 0.0,

Culture=neutral , PublicKeyToken= b03f5f7f11d50a3 a"
siteMapFile="we b.sitemap" securityTrimmin gEnabled="true"/>
</providers>
</siteMap>
</system.web>
</configuration>

When logging as user1, i see the three pages (that's ok).
When logging with user2, i see nothing.

Because user2 is not in the role for page1, the Url authorization takes
place and this page1 is hidden, but why the two others? there are
roles="*" on each line in web.sitemap.

Later,I added this in web.config for testing: but this gives exactly the
same: user1 sees all 3 pages, user2 nothing!

<location path="page2.asp x">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>

Thanks for explanation
Chris

Jun 20 '07 #2

Similar topics

1963

Can someone explain this behaviour?

by: Igor Raytsin | last post by:

Hello All, The following script is reproducing the problem assuming you have Northwind database on the server. Please note it gives you the error message on line 12. USE tempdb GO sp_addlinkedserver 'Test17'

Microsoft SQL Server

1485

Can someone explain why switch syntax is the way it is?

by: Andrew Ducker | last post by:

And no, this isn't a complaint about break - I'm very happy to make things explicit. However, why isn't the format something like: switch(myVariable) { case 1: { //Do Something

C# / C Sharp

1563

the switch statement has got me a little confused..can someone clear this up for me please

by: sparks | last post by:

extracalc = Switch(Me.Parent.Race_Black = -1 And Me.Parent.Sex = "Female", 1.952, Me.Parent.Race_Black = -1, 1.21, Me.Parent.Sex = "Female", 0.742, 1) I look at this and say ok if race = black and sex = female then extracalc = 1.952 if race = black then extracalc = 1.21 if sex = female then extracalc = .742 else

Microsoft Access / VBA

1179

Can someone explain this?

by: nigelhilluk | last post by:

Is it just me, or is this comment I got from a client total rubbish? Does he know more than me about CSS, or is he talking out of his anus? "Having also looked at the source code for the current pages, I am less than impressed. Why bother with style sheets at all if you carry on hard coding the formatting of most of the page? " everything on the page is <h1>, <h2> and <p> - no font tags nothing. Any clues? Hard coding vs...

HTML / CSS

5059

can someone explain the cross domain security re AjAX in IE?

by: Adrian | last post by:

can someone explain the cross domain security re AJAX in IE? I have a page that calls a web service (WS) from another domain (the target browser is only IE6) and displays it's results! all works fine when the page is run from my hdd, however when run from the web I get "Access denied" due to the cross domain security (I assume). So I set the browser setting to allow cross domain but this did not seem to work, I got the same error!

Javascript

10125

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

11512

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

11098

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9853

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7377

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

6072

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4900

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

4441

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

3495

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General