467,116 Members | 1,142 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,116 developers. It's quick & easy.

XmlSiteMapProvider: How to hide siteMapNode to a certain role?

Hi,

I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redirect to jump to hidden pages.

How can I do that? I tried securityTrimmingEnabled="true" in my web.config.
But it doesn't help because the pages are accessible to the roles. I just
want to hide the pages from the main menu when certain roles login

Any help would be appreciated,
Max
Jul 10 '07 #1
  • viewed: 18281
Share:
6 Replies
You want these people to be able to use the page, but only if they are very
good at hacking? Or, you only want certain roles to use the page period?

If you want to hide them, you will have to create a custom sitemap provider
that allows you to hide pages people can actually hit.

If you want them to be unaccessible, you can add the roles to the sitemap
file and then make them inaccessible in the web.config file in that folder.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com
Co-author: Microsoft Expression Web Bible (upcoming)

************************************************
Think outside the box!
************************************************
"Max2006" <al*******@newsgroup.nospamwrote in message
news:ei**************@TK2MSFTNGP02.phx.gbl...
Hi,

I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redirect to jump to hidden pages.

How can I do that? I tried securityTrimmingEnabled="true" in my
web.config. But it doesn't help because the pages are accessible to the
roles. I just want to hide the pages from the main menu when certain roles
login

Any help would be appreciated,
Max

Jul 10 '07 #2
Hi Max,

I agree with Gregory, if you want to customize the sitemapnode's displaying
based on authorization roles, the "Securiy Trimming" feature of ASP.NET
2.0 does be a reasonable choice:

#ASP.NET Site-Map Security Trimming
http://msdn2.microsoft.com/en-us/library/ms178428.aspx

here is a good example demonstrate the security trimming from Scott's blog:

#Recipe: Implementing Role Based Security with ASP.NET using Windows
Authentication and SQL Server
http://weblogs.asp.net/scottgu/archi...-Implementing-
Role-Based-Security-with-ASP.NET-using-Windows-Authentication-and-SQL-Server
..aspx

In addition, you may found that the actual accessing role calculation (how
to sitemapnode will be display or hide) a bit complex. Here are some former
threads where I've provide some description on this:

http://groups.google.com/group/micro...rk.aspnet.webc
ontrols/browse_thread/thread/7fa4e5b66ff5ca4f/606205d014ee3043

http://groups.google.com/group/micro...browse_thread/
thread/8334f625070c8b74/b05d7462f0bf2731

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.



Jul 10 '07 #3


Hi Steven and George,

The security trimming doesn't help.

I guess I didn't explain the situation properly. We have two roles in our
site. (admin and user) They both have access to all of Wizard pages
(Wiz1.aspx, Wiz2.aspx .. Wiz15.aspx) Our application has logic to jump
between Wizard pages. Our users will use all 15 wizard pages and jump
between them back and force. ***We do not want them to see the 15 wizard
pages on the left hand navigation menu.***

So far everything is nice. I know that we can easily exclude Wiz1.aspx,
Wiz2.aspx .. Wiz15.aspx from web.sitemap file, But bere is the problem:
Based on the requirement, the site admin user (admin role) needs to see all
wizard pages (Wiz1.aspx, Wiz2.aspx .. Wiz15.aspx) on the left side
navigation.

In essence, this is not matter of access right. Both roles have perfect
access to all pages. We just want to hide some of the pages for non-admin
users.

What would be the easiest way to achieve that? I prefer to use navigation
provider features.

BTW: I simplified the situation to explain my question. The actual scenario
is much more complex.

Thank you,

Max
"Max2006" <al*******@newsgroup.nospamwrote in message
news:ei**************@TK2MSFTNGP02.phx.gbl...
Hi,

I need to hide a series of siteMapNodes to certain roles. That means roles
have access to the siteMapNode, but the node doesn't appear on the
navigation menu. I'll use Response.Redirect to jump to hidden pages.

How can I do that? I tried securityTrimmingEnabled="true" in my
web.config. But it doesn't help because the pages are accessible to the
roles. I just want to hide the pages from the main menu when certain roles
login

Any help would be appreciated,
Max

Jul 10 '07 #4
Thanks for your reply Max,

Well, I've got your actual requirement now. Yes, you're right, the
security-trimming's functionality is different from what you expect.
Actually security-trimming will allow you to make more pages that can be
viewed by users(originally can not view according to url authorization).
However, what you need is hide some pages which originally can be viewed by
certain users(according to url authroization roles), right?

So far I think the built-in sitemapprovider's feature can not afford this.
What I can get now if use the Item's databinding event, such as
"TreeView.TreeNodeDataBound" event. You can add code there and change the
Text or other properties of the TreeNode( according to the current binding
url value) as to to not display the original value(but can not remove it).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 11 '07 #5
Thank you Steven. I did that and I got the result I was looking for.

Thanks again, Max
"Steven Cheng[MSFT]" <st*****@online.microsoft.comwrote in message
news:W$**************@TK2MSFTNGHUB02.phx.gbl...
Thanks for your reply Max,

Well, I've got your actual requirement now. Yes, you're right, the
security-trimming's functionality is different from what you expect.
Actually security-trimming will allow you to make more pages that can be
viewed by users(originally can not view according to url authorization).
However, what you need is hide some pages which originally can be viewed
by
certain users(according to url authroization roles), right?

So far I think the built-in sitemapprovider's feature can not afford this.
What I can get now if use the Item's databinding event, such as
"TreeView.TreeNodeDataBound" event. You can add code there and change the
Text or other properties of the TreeNode( according to the current binding
url value) as to to not display the original value(but can not remove it).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no
rights.

Jul 11 '07 #6
You're welcome Max!

I'm glad to be of assistance.

Have a nice day!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Jul 12 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by exBK | last post: by
10 posts views Thread by oLE | last post: by
reply views Thread by Lloyd Dupont | last post: by
reply views Thread by Danny Tuppeny | last post: by
2 posts views Thread by Cory Lievers | last post: by
7 posts views Thread by Tom Van den Brandt | last post: by
3 posts views Thread by carmela_wong@hotmail.com | last post: by
6 posts views Thread by Doogie | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.