Hi,
I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redire ct to jump to hidden pages.
How can I do that? I tried securityTrimmin gEnabled="true" in my web.config.
But it doesn't help because the pages are accessible to the roles. I just
want to hide the pages from the main menu when certain roles login
Any help would be appreciated,
Max
6  18669 
You want these people to be able to use the page, but only if they are very
good at hacking? Or, you only want certain roles to use the page period?
If you want to hide them, you will have to create a custom sitemap provider
that allows you to hide pages people can actually hit.
If you want them to be unaccessible, you can add the roles to the sitemap
file and then make them inaccessible in the web.config file in that folder.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA http://gregorybeamer.spaces.live.com
Co-author: Microsoft Expression Web Bible (upcoming)
*************** *************** *************** ***
Think outside the box!
*************** *************** *************** ***
"Max2006" <al*******@news group.nospamwro te in message
news:ei******** ******@TK2MSFTN GP02.phx.gbl...
Hi,
I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redire ct to jump to hidden pages.
How can I do that? I tried securityTrimmin gEnabled="true" in my
web.config. But it doesn't help because the pages are accessible to the
roles. I just want to hide the pages from the main menu when certain roles
login
Any help would be appreciated,
Max
Hi Max,
I agree with Gregory, if you want to customize the sitemapnode's displaying
based on authorization roles, the "Securiy Trimming" feature of ASP.NET
2.0 does be a reasonable choice:
#ASP.NET Site-Map Security Trimming http://msdn2.microsoft.com/en-us/library/ms178428.aspx
here is a good example demonstrate the security trimming from Scott's blog:
#Recipe: Implementing Role Based Security with ASP.NET using Windows
Authentication and SQL Server http://weblogs.asp.net/scottgu/archi...-Implementing-
Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server
..aspx
In addition, you may found that the actual accessing role calculation (how
to sitemapnode will be display or hide) a bit complex. Here are some former
threads where I've provide some description on this: http://groups.google.com/group/micro...rk.aspnet.webc
ontrols/browse_thread/thread/7fa4e5b66ff5ca4 f/606205d014ee304 3 http://groups.google.com/group/micro...browse_thread/
thread/8334f625070c8b7 4/b05d7462f0bf273 1
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Hi Steven and George,
The security trimming doesn't help.
I guess I didn't explain the situation properly. We have two roles in our
site. (admin and user) They both have access to all of Wizard pages
(Wiz1.aspx, Wiz2.aspx .. Wiz15.aspx) Our application has logic to jump
between Wizard pages. Our users will use all 15 wizard pages and jump
between them back and force. ***We do not want them to see the 15 wizard
pages on the left hand navigation menu.***
So far everything is nice. I know that we can easily exclude Wiz1.aspx,
Wiz2.aspx .. Wiz15.aspx from web.sitemap file, But bere is the problem:
Based on the requirement, the site admin user (admin role) needs to see all
wizard pages (Wiz1.aspx, Wiz2.aspx .. Wiz15.aspx) on the left side
navigation.
In essence, this is not matter of access right. Both roles have perfect
access to all pages. We just want to hide some of the pages for non-admin
users.
What would be the easiest way to achieve that? I prefer to use navigation
provider features.
BTW: I simplified the situation to explain my question. The actual scenario
is much more complex.
Thank you,
Max
"Max2006" <al*******@news group.nospamwro te in message
news:ei******** ******@TK2MSFTN GP02.phx.gbl...
Hi,
I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redire ct to jump to hidden pages.
How can I do that? I tried securityTrimmin gEnabled="true" in my
web.config. But it doesn't help because the pages are accessible to the
roles. I just want to hide the pages from the main menu when certain roles
login
Any help would be appreciated,
Max
Thanks for your reply Max,
Well, I've got your actual requirement now. Yes, you're right, the
security-trimming's functionality is different from what you expect.
Actually security-trimming will allow you to make more pages that can be
viewed by users(originall y can not view according to url authorization).
However, what you need is hide some pages which originally can be viewed by
certain users(according to url authroization roles), right?
So far I think the built-in sitemapprovider 's feature can not afford this.
What I can get now if use the Item's databinding event, such as
"TreeView.TreeN odeDataBound" event. You can add code there and change the
Text or other properties of the TreeNode( according to the current binding
url value) as to to not display the original value(but can not remove it).
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Thank you Steven. I did that and I got the result I was looking for.
Thanks again, Max
"Steven Cheng[MSFT]" <st*****@online .microsoft.comw rote in message
news:W$******** ******@TK2MSFTN GHUB02.phx.gbl. ..
Thanks for your reply Max,
Well, I've got your actual requirement now. Yes, you're right, the
security-trimming's functionality is different from what you expect.
Actually security-trimming will allow you to make more pages that can be
viewed by users(originall y can not view according to url authorization).
However, what you need is hide some pages which originally can be viewed
by
certain users(according to url authroization roles), right?
So far I think the built-in sitemapprovider 's feature can not afford this.
What I can get now if use the Item's databinding event, such as
"TreeView.TreeN odeDataBound" event. You can add code there and change the
Text or other properties of the TreeNode( according to the current binding
url value) as to to not display the original value(but can not remove it).
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no
rights.
You're welcome Max!
I'm glad to be of assistance.
Have a nice day!
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Tom Dauria |
last post by:
I have a SQL database with an Access front end. In the database I
have a read only and a read write role. When a read only user opens
the database I want all the fields on the form to be locked so that
the user will not try to change data and get an error from the server.
Right now I am doing that with a table. But it's a hassle to have to
maintain a table when if I could answer the question is the currently
logged in user in the read...
|
by: exBK |
last post by:
Hi,
I have several web pages in my app and would like to restrict certain users
from accessing certain pages. Can you provide me any pointers on how to
implement a role based security so that a page is displayed only to a certain
role? TIA.
|
by: oLE |
last post by:
I would like to add some javascript to show/hide a certain row of a
table. The first row of the table contain the hyperlink that calls the
javascript the second row is the one i want to show/hide with the
javascript in a toggle fashion.
the problem is a know very little javascript and have become incredibly
frustrated because i went ahead thinking it was going to be like C. its not.
I know i can use these lines to do the actual work:
|
by: Lloyd Dupont |
last post by:
Basically there is an 'edit' link button which let the user edit the page's
content.
and a submit button to send back the edited content.
1. I want the edit asp:LinkButton visible on the page only if the current
user has a certain role, how do I do that?
2. I want the submit button to fail if the user don't have role and return a
standart 403 error, how do I do that?
|
by: Danny Tuppeny |
last post by:
Hi all,
I'm using a web.sitemap file and the site navigation controls. I've got a
page (ListRecords.aspx) that contains a grid, from where you can click
through to another page (DisplayRecord.aspx) to view details.
In the SiteMapPath control, I want the two pages do display as follows
(which, works)
Home > List Records
| | |
by: Cory Lievers |
last post by:
Hi there,
Thanks in advanced for any help.
I am new to .NET and am trying to do the following:
Certain paths within the application are public, while certain paths
only are for registered users, and certain paths for administrators.
Using the forms authentication within the web.config file, I can set
certain paths to be locked down to a certain "role". This works fine. A
|
by: Tom Van den Brandt |
last post by:
Hi all!
I'm trying to implement a custom roleprovider in asp.net. The new
roleprovider works fine when I access it programmaticaly. However, it
doesn't seem to work with the standard controls. More specifically, I
have a loginview with rolegroups and the parts of the site that should
be viewable for a certain role, do not show up. Did I forget something?
Regards,
|
by: carmela_wong |
last post by:
I am trying to output a report in which I show the total number of
people if groupfooter is "STAFF" but not if it is "ATTENDEES". The
report will say:
STAFF:
Staff1.......
Staff2......
Total staff members: 2
ATTENDEES:
|
by: Doogie |
last post by:
Hi I have an img control I am trying to hide upon certain types of
commands in my code behind. When to hide it is directly tied to a
asp:dropdownlist control. So depending on what the user selects in
that dropdownlist, this image will be hidden or be displayed.
I have tied the onselectedindexchanged value of the dropdownlist to a
c-sharp method (not javascript) because other things are being done as
well that I want to do server side. ...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
