Setting Navigation for Membership Framework

Question

I'm developing ASP.NET 4.0 Website using SQL server 2008 with Membership Framework. It runs fine so far with static navigation in my master page which uses static Web.SiteMap file to generate the Navigational Menu. I am wondering If there is any way to generate this file dynamically depending on the user's role or Identity. I would also like to know If there is any way to store this setting in database using membership framework so that I dont have to present each and every links to all users or roles who is not authorized to see some of pages in website or any other way to generate menu at runtime.

abatishchev abatishchev · Accepted Answer · 2011-02-21T15:45:07

Take a look on securityTrimmingEnabled="true", here's some links:

In general, using this option you're enabling the check does current user's role is allowed to visit current site map node.

Web.config:

<siteMap defaultProvider="MySiteMapProvider" enabled="true">
    <providers>
        <clear />
        <add name="MySiteMapProvider" type="My.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
    </providers>
</siteMap>

Web.sitemap:

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
    <siteMapNode url="Default.aspx" title="Main" roles="*">
        <siteMapNode url="Admin.aspx" title="Admin" roles="admin" />
    </siteMapNode>
</siteMap>

Custom site map provider:

namespace My
{
    public class XmlSiteMapProvider : System.Web.XmlSiteMapProvider
    {
        public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            if (node.Roles.OfType<string>().Any(r => String.Equals(r, "*", StringComparison.Ordinal) || context.User.IsInRole(r)))
            {
                return true;
            }
            else
            {
                throw new My.InsufficientRightsException();
            }
        }
    }
}

Setting Navigation for Membership Framework

2 Answers