How do I filter nodes of TreeView and Menu controls with sitemap data sources based on user permissions?

1
votes

I'm using the ASP.NET Login Controls and Forms Authentication for membership/credentials for an ASP.NET web application. And I'm using a site map for site navigation.

I have ASP.NET TreeView and Menu navigation controls populated using a SiteMapDataSource. But off-limits administrator-only pages are visible to non-administrator users.

Kevin Pang wrote:

I'm not sure how this question is any different than your other question

The other question deals with assigning and maintaining permissions.

This question just deals with presentation of navigation. Specifically TreeView and Menu controls with sitemap data sources.

<asp:Menu ID="Menu1" runat="server" DataSourceID="SiteMapDataSource1" />
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" ShowStartingNode="False" />

Nicholas wrote:

add role="SomeRole" in the sitemap

Does that only handle the display issue? Or are such page permissions enforced?

3
asp.netforms-authenticationsitemap

3 Answers

1
votes

I had to set securityTrimmingEnabled to "true" in my web.config file.

<?xml version="1.0"?>
<configuration>
    ...
    <system.web>
        ...
        <siteMap defaultProvider="default">
            <providers>
                <clear/>
                <add name="default"
                    type="System.Web.XmlSiteMapProvider"
                    siteMapFile="web.sitemap"
                    securityTrimmingEnabled="true"/>
            </providers>
        </siteMap>
        ...
    </system.web>
    ...
</configuration>
1
votes

I'm not sure how this question is any different than your other question, but I'll try to answer it anyways.

If you want a tutorial on how to implement role-based authentication, check out the one from 4GuysFromRolla.

1
votes

securityTrimmingEnabled="true" works for internal pages that have a config file restricting permissions, you can also add role="SomeRole" in the sitemap to ovveride the display mechanism, which is useful if you have menu items to external sites.