locked
Roles & SiteMap RRS feed

  • Question

  • User1489022458 posted

    Hi!

    I have a Menu Control wich DataSource is a SiteMap. The nodes should only appear if the user is on the specified role (on node role property).

    But, I'm having some problems doing this. The nodes are only being filtered if they are inside of another node.

    This is my SiteMap:


    2    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    3   
    4    <siteMapNode title="Home" url="Home.aspx" roles="*">
    5       <siteMapNode url="Page1.aspx" title="Page 1" roles="*" />
    6       <siteMapNode url="Page2.aspx" title="Page 2" roles="*" />
    7       <siteMapNode url="Page3.aspx" title="Page 3" roles="Manager" />
    8       <siteMapNode title="Admin Area" roles="Admin">
    9          <siteMapNode url="Admin/Page1.aspx" title="Admin Page 1" />
    10         <siteMapNode url="Admin/Page2.aspx" title="Admin Page 1" />
    11      </siteMapNode>
    12   </siteMapNode>
    13   </siteMap>
     

     In this example, the node "Admin Area" only show if the user in on Admin role. But the node Page 3 shows everytime, if the user is or is not on Manager role.

    BUT, if I put that node inside another node, it is filtered ok. Like this:

     

    1    <siteMapNode title="Manager page" roles="Manager" />
    2       <siteMapNode url="Page3.aspx" title="Page 3"  />
    3    </siteMapNode>
     
    In the above example, it's all ok. The Page3.aspx only shows for users on Manager role.
    
    So, whats is happening here? Why I need to put the nodes inside others nodes to have rules working?
    Friday, November 2, 2007 11:35 AM

All replies

  • User546723956 posted

    Multiple roles can be specified using commas or semicolons as separators.

    check between lines in this site

     

    Friday, November 2, 2007 12:05 PM
  • User1489022458 posted

    Multiple roles can be specified using commas or semicolons as separators.

    check between lines in this site

    Thanks, but that's not my problem.

    I've edited the firts post, maybe now someone can understand what is happening.

    Friday, November 2, 2007 1:31 PM
  • User546723956 posted

    1    <siteMapNode title="Manager page" roles="Manager" />
    2       <siteMapNode url="Page3.aspx" title="Page 3"  />
    3    </siteMapNode>

    here you are grouping the the pages under one role. and that means that page3 can be only entered by users with admin roles like the manager page.

     

    Saturday, November 3, 2007 4:38 AM
  • User1489022458 posted

    1    <siteMapNode title="Manager page" roles="Manager" />
    2       <siteMapNode url="Page3.aspx" title="Page 3"  />
    3    </siteMapNode>

    here you are grouping the the pages under one role. and that means that page3 can be only entered by users with admin roles like the manager page.

     But can't I do the same without having that page in a group of nodes?

    Just:

    <siteMapNode url="Page3.aspx" title="Page 3" roles="Manager"  />

    Monday, November 5, 2007 6:00 AM
  • User1489022458 posted

    Anyone?

    Wednesday, November 7, 2007 1:07 PM
  • User-2054148878 posted

    Have you figured this one out yet??? I have ran into the same problem.

    Wednesday, November 7, 2007 6:42 PM
  • User1489022458 posted

    Nop, nothing.. [:S]

    It's strange, because I believe this should work. So, maybe I'm doing something wrong, but I don't know what..

    Thursday, November 8, 2007 4:39 AM
  • User-1705717250 posted

    Yes you can, do you have the sitemap defined in the web.config?

    Like:

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
            <providers>
              <add name="XmlSiteMapProvider"
           description="SiteMap provider which reads in .sitemap XML files."
           type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           siteMapFile="web.sitemap"
           securityTrimmingEnabled="true"/>
            </providers>
    </siteMap>
     The securityTrimmingEnabled="true" is the important bit.
    Thursday, November 8, 2007 5:17 AM
  • User-1705717250 posted

    Oh forgot to say before check that you have the permission setup for the directory in the web.config

    <location path="Page3.aspx">
        <system.web>
          <authorization>
           <allow roles="Manager" />
        </authorization
        </system.web>
      </location>

    Hope it helps

    Thursday, November 8, 2007 5:24 AM
  • User1489022458 posted

    Yes, here it is:

      

    1    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    2          <providers>
    3            <add name="XmlSiteMapProvider"
    4                 description="Default SiteMap provider."
    5                 type="System.Web.XmlSiteMapProvider "
    6                 siteMapFile="Web.sitemap"
    7                 securityTrimmingEnabled="true" />
    8          </providers>
    9        </siteMap>
    

     

    It's working, but not completely as I expected.

    It is only filtering the links on my menu if I set the role on a grouping node. If I have 3 nodes inside another node and I set the access role to the higher role, it works fine. On my menu is the same thing has having a static item wich will have 3 submenus, and if the user is not on that role the static item will disappear.

    BUT, if I don't have submenus for a menu item, wich on my sitemap it's just an isolated node, setting a role to that node will do nothing. The user can see the menu item if he is, or he is not on that role.

    I don't know if you are understanding me..

    Thursday, November 8, 2007 7:10 AM
  • User-1705717250 posted

    Yes I understand what you are trying to do. But you have to control access to the pages when using securityTrimming as per the example i gave you before.

    You can set it up per directory or per file.

    Hope it helps

    Thursday, November 8, 2007 7:37 AM
  • User1489022458 posted

    It didn't worked [:(]

    Friday, November 9, 2007 6:17 AM
  • User-396977354 posted

    I have a similar issue where either the menu is not trimmed when role is unassigned or if role is assigned, page gives access denied error.

     If I have this inside a webconfig in the "sellers" folder the link is visible and active in the menu even when role is unassigned:

     <location path="home/uploads/sellers/sellers.aspx">

    <system.web>

    <authorization>

    <allow roles="sellers"/>

    <deny users="*"/>

    </authorization>

    </system.web>

    </location>

     However, If I have this in the webconfig file in the "sellers" folder, the link is trimmed correctly when role is unassigned, but gives an access denied error message when role is assigned and link is clicked:

    <location path="sellers.aspx">

    <system.web>

    <authorization>

    <allow roles="sellers"/>

    <deny users="*"/>

    </authorization>

    </system.web>

    </location>

     

    P.S. Forgot to say I have tried this in the root webconfig as well.

     

    Thanks, Paul

    Friday, November 9, 2007 6:37 AM
  • User-1705717250 posted

    Oh very odd, Ok can you post for me your web.config and .sitemap file and I will build a demo up and take a look for you.

     

    Friday, November 9, 2007 6:38 AM
  • User-396977354 posted

    Thanks Jeremy 

    Root Web Config

     <?
    xml version="1.0"?><configuration>

     

    <appSettings/>

    <connectionStrings>

    <remove name="LocalSqlServer"/>

    <add name="LocalSqlServer" connectionString="Data Source=OFFICE\SQL2000;Initial Catalog=AR_Stuff;Integrated Security=True" providerName="System.Data.SqlClient"/></connectionStrings>

     

    <location path="plaincontent.aspx">

    <system.web>

    <authorization>

    <allow roles="AdjustUploads"/>

    <deny users="*"/>

    </authorization>

    </system.web>

    </location>

     

    <
    system.web>

     

    <
    siteMap defaultProvider="XmlSiteMapProvider" enabled="true">

    <providers>

    <add name="XmlSiteMapProvider"

    description="Default SiteMap provider."

    type="System.Web.XmlSiteMapProvider "

    siteMapFile="Web.sitemap"

    securityTrimmingEnabled="true" />

    </providers>

    </siteMap>

     

    <
    roleManager enabled="true" defaultProvider="SqlRoleManager">

    <providers>

    <clear />

    <add connectionStringName="LocalSqlServer" applicationName="Membership"

    name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" />

    </providers>

    </roleManager>

     

    <
    compilation debug="true" strict="false" explicit="true"/>

     

    <
    pages>

    <namespaces>

    <clear/>

    <add namespace="System"/>

    <add namespace="System.Collections"/>

    <add namespace="System.Collections.Specialized"/>

    <add namespace="System.Configuration"/>

    <add namespace="System.Text"/>

    <add namespace="System.Text.RegularExpressions"/>

    <add namespace="System.Web"/>

    <add namespace="System.Web.Caching"/>

    <add namespace="System.Web.SessionState"/>

    <add namespace="System.Web.Security"/>

    <add namespace="System.Web.Profile"/>

    <add namespace="System.Web.UI"/>

    <add namespace="System.Web.UI.WebControls"/>

    <add namespace="System.Web.UI.WebControls.WebParts"/>

    <add namespace="System.Web.UI.HtmlControls"/>

    </namespaces>

    </pages>

    <authorization>

    <deny users="?"/>

    </authorization>

    </system.web>

    </configuration>

    Agents webconfig

    <?xml version="1.0"?>

    <configuration>

    <location path="home/uploads/agents/sellers.aspx">

    <system.web>

    <authorization>

    <allow roles="sellers"/>

    <deny users="*"/>

    </authorization>

    </system.web>

    </location>

    <location path="home/uploads/agents/buyers.aspx">

    <system.web>

    <authorization>

    <allow roles="buyers"/>

    <deny users="*"/>

    </authorization>

    </system.web></location>

     

    <appSettings/>

    <connectionStrings/><system.web>

     

    </system.web>

    </configuration>

     

    SiteMap File:

    <?xml version="1.0" encoding="utf-8" ?>

    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >

    <siteMapNode url="default.aspx" title="Home" description="" >

    <siteMapNode url="~/admin/Admin.aspx" title="Administrators" description="admin.aspx" roles="Admin" >

    <siteMapNode url="~/admin/User Maintenance.aspx" title="User Maintenance" roles="Admin" />

    </siteMapNode>

    <siteMapNode url="PlainContent.aspx" title="Plain Content" />

    <siteMapNode url="" title="Uploads" roles="*">

    <siteMapNode url="~/home/uploads/sellers/sellers.aspx" title="sellers" roles="sellers" />

    <siteMapNode url="~/home/uploads/buyers/buyers.aspx" title="buyers" roles="buyers" />

    </siteMapNode>

    </siteMapNode>

    </siteMap>

     

    Friday, November 9, 2007 6:59 AM
  • User-1705717250 posted

    Hello Paul

    Which folder do yo have the Agents webconfig in?

    Also you do not have the membership provider defined in the web.config

    Something like

     

    <membership defaultProvider="CustomizedMembershipProvider" userIsOnlineTimeWindow="20">
          <providers>
            <add name="CustomizedMembershipProvider"
                 type="System.Web.Security.SqlMembershipProvider"
                 connectionStringName="localhost"
                 minRequiredPasswordLength="5"
                 minRequiredNonalphanumericCharacters="0"
                 maxInvalidPasswordAttempts="5"
                 passwordAttemptWindow="10"
                 applicationName="/" />
          </providers>
        </membership>

     The application name need to be defined in the web.config more info at http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

    Hope this helps

     
     

     

    Friday, November 9, 2007 10:02 AM
  • User-1705717250 posted

    Cseven,

    Can you tell me more about what you tried and how you have your application setup?

    Did you put the permissions web.config in the admin folder along the lines of


    <configuration>
            <appSettings/>
            <connectionStrings/>
            <system.web>
              <authorization>
                <allow roles="superuser, admin" />
                <deny users="*" />
              </authorization>
            </system.web>
    </configuration>

     
    Friday, November 9, 2007 10:11 AM
  • User-1705717250 posted

    Paul,

    Are you sure you want

    <authorization> <deny users="?"/>

    </authorization>

    in the root web.config?

    Friday, November 9, 2007 11:09 AM
  • User-396977354 posted

    Hi Jeremy

     

    I'm not really sure what I need. What is that actually doing. It doesn't seem to stop any access to anywhere.

    We have a crisis here at work right now so I will get back on this as soon as I can, I really do appreciate the help but unfortunately I don't call all the shots!!! Hopefully you will still be willing to help when I get back to this later today!

    Friday, November 9, 2007 11:18 AM
  • User-1705717250 posted

    Paul,

    You need to set the applicationName so that the logged in user and the role's the users in are matched to the correct entries in the sql database, which is storing users by applicationname.

    Scott's post covers the details better than my one line.

    Sure happy to help anytime.

    Friday, November 9, 2007 11:43 AM
  • User1489022458 posted

    This is my SiteMap:

      

    1    <?xml version="1.0" encoding="utf-8" ?>
    2    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    3      <siteMapNode title="Home" url="MyHome.aspx">
    4        <siteMapNode url="Home.aspx" title="Home" roles="*" />
    5        <siteMapNode url="Page1.aspx" title="Page 1" roles="*" />
    6        <siteMapNode url="Page2.aspx" title="Page 2" roles="*" />
    7        <siteMapNode url="Page3.aspx" title="Page 3" roles="Manager" />
    8        <siteMapNode title="Page4.aspx" roles="*" />
    9        <siteMapNode title="Administration" roles="Administrator">
    10         <siteMapNode url="Admin/Config.aspx" title="Configuration" />
    11         <siteMapNode url="Admin/Users.aspx" title="Users" />
    12       </siteMapNode>
    13     </siteMapNode>
    14   </siteMap>
    

     

    And this is my web.config file (I removed my connection strings and some critical lines):

    1    <?xml version="1.0"?>
    2    <configuration>
    3    	<configSections>
    4    		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    5    			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    6    				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
    7    				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    8    					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>
    9    					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
    10   					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
    11   				</sectionGroup>
    12   			</sectionGroup>
    13   		</sectionGroup>
    14   	</configSections>
    15   	<location path="App_Themes">
    16   		<system.web>
    17   			<authorization>
    18   				<allow users="*"/>
    19   			</authorization>
    20   		</system.web>
    21   	</location>
    22   
    23   	<connectionStrings>
    24   		<remove name="LocalSqlServer"/>
    25   		<add name="Sql2000Server" connectionString="XXX"/>
    26   		<add name="ADConnectionString" connectionString="XXX"/>
    27   	</connectionStrings>
    28   	<system.web>
    29   		<pages theme="MyCompany">
    30   			<controls>
    31   				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    32   			</controls>
    33   		</pages>
    34   		<!--
    35             Set compilation debug="true" to insert debugging
    36             symbols into the compiled page. Because this
    37             affects performance, set this value to true only
    38             during development.
    39       -->
    40   		<compilation debug="true">
    41   			<buildProviders>
    42   				<add extension=".skin" type="System.Web.Compilation.PageBuildProvider"/>
    43   			</buildProviders>
    44   			<assemblies>
    45   				<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    46   				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    47   				<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    48   				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    49   				<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    50   				<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies>
    51   		</compilation>
    52   		<httpHandlers>
    53   			<remove verb="*" path="*.asmx"/>
    54   			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    55   			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    56   			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
    57   		</httpHandlers>
    58   		<httpModules>
    59   			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    60   		</httpModules>
    61       <authentication mode="Forms">
    62   			<forms name=".ASPXAUTH" loginUrl="Login.aspx" defaultUrl="Home.aspx" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile"/>
    63   		</authentication>
    64   		<authorization>
    65         <allow roles="Administrator, Manager"/>  
    66   			<deny users="?"/>
    67   			<allow users="*"/>
    68   		</authorization>
    69   		<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
    70   			<providers>
    71   				<remove name="AspNetSqlMembershipProvider"/>
    72   				<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="XXX" connectionPassword="XXX" connectionProtection="None" enablePasswordReset="False" enableSearchMethods="True" requiresQuestionAndAnswer="False" applicationName="/" description="Default AD Connection" requiresUniqueEmail="true" clientSearchTimeout="30" serverSearchTimeout="30" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" attributeMapUsername="sAMAccountName"/>
    73         </providers>
    74   		</membership>
    75   		<roleManager enabled="true" defaultProvider="AspNetSql2000RoleProvider" cacheRolesInCookie="false" cookieName=".ASPXROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" createPersistentCookie="false" maxCachedResults="25">
    76   			<providers>
    77   				<clear/>
    78   				<add connectionStringName="Sql2000Server" applicationName="/" name="AspNetSql2000RoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    79   			</providers>
    80   		</roleManager>
    81   		<profile defaultProvider="AspNetSql2000ProfileProvider">
    82   			<providers>
    83   				<clear/>
    84   				<add name="AspNetSql2000ProfileProvider" connectionStringName="Sql2000Server" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    85   			</providers>
    86   			<properties>
    87   				<add name="Name" type="System.String"/>
    88   			</properties>
    89   		</profile>
    90   		<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    91   			<providers>
    92   				<add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider " siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
    93   			</providers>
    94   		</siteMap>
    95   	</system.web>
    96   	<system.web.extensions>
    97   		<scripting>
    98   			<webServices>
    99   				<!-- Uncomment this line to customize maxJsonLength and add a custom converter -->
    100  				<!--
    101        <jsonSerialization maxJsonLength="500">
    102          <converters>
    103            <add name="ConvertMe" type="Acme.SubAcme.ConvertMeTypeConverter"/>
    104          </converters>
    105        </jsonSerialization>
    106        -->
    107  				<!-- Uncomment this line to enable the authentication service. Include requireSSL="true" if appropriate. -->
    108  				<!--
    109          <authenticationService enabled="true" requireSSL = "true|false"/>
    110        -->
    111  				<!-- Uncomment these lines to enable the profile service. To allow profile properties to be retrieved
    112             and modified in ASP.NET AJAX applications, you need to add each property name to the readAccessProperties and
    113             writeAccessProperties attributes. -->
    114  				<!--
    115        <profileService enabled="true"
    116                        readAccessProperties="propertyname1,propertyname2"
    117                        writeAccessProperties="propertyname1,propertyname2" />
    118        -->
    119  			</webServices>
    120  			<!--
    121        <scriptResourceHandler enableCompression="true" enableCaching="true" />
    122        -->
    123  		</scripting>
    124  	</system.web.extensions>
    125  	<system.webServer>
    126  		<validation validateIntegratedModeConfiguration="false"/>
    127  		<modules>
    128  			<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    129  		</modules>
    130  		<handlers>
    131  			<remove name="WebServiceHandlerFactory-Integrated"/>
    132  			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    133  			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    134  			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    135  		</handlers>
    136  	</system.webServer>
    137  </configuration>
    

     

    This sitemap is filling a Menu Control, wich is on my Master page. If the user is on the administrator role, he can see the Administration link and the 2 submenus (configuration and users), else he does't see nothing from administration area. But with Page3 and role Manager that filtering doesn't happen. The user can see the Page3 link if he is or he is not on the Manager role. BUT, if i put the Page 3 inside another node, and set that node to role manager the filtering works fine, but it is stupid to have just one submenu inside a menu link.

    Friday, November 9, 2007 1:14 PM
  • User-1705717250 posted

    Oh ok now i understand more after seeing the web.config you are using Active Directory Membership.

    Take a read of this post by scott should see you right

    http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx

    I am also a little puzzled by the rule you have

    <allow roles="Administrator, Manager"/> 
    66   <deny users="?"/>
    67   <allow users="*"/>
    68   </authorization>

    <deny users = "?"/> Denies access to all anonymous users

    <allow users = "*"/> Allows access to both anonymous and authenticated users

    Hope it helps

    Friday, November 9, 2007 2:41 PM
  • User1489022458 posted

    Yes, I'm using Active Directory Membership, but I'm using Forms authentication, not Windows. But the problem is not there.

     I'm almost getting this to work, because the solution is like you said on the web.config, adding location/authentication rules.

    I've tried something like this:

    1      <location path="ManagerPage.aspx">
    2        <system.web>
    3          <authorization>
    4            <allow roles="Manager"/>
    5          </authorization>
    6        </system.web>
    7      </location>

    But, this does not help to hide the ManagerPage link from the Menu if you are not from Manager Role. 

    If I add something like:

     <deny users="*"/>

    <allow roles="Manager"/>

     OR

     <deny roles="Administrator, User"/>

    <allow roles="Manager"/>

    It hides that page link from the Menu if ou are not from the Manager Role, BUT if you are and you click on the link it always redirect you to the login form and can't authenticate [:S]

    How can I set a rule that deny's all users from that page if they are not on Manager Role?

    Thanks!

     

    Monday, November 12, 2007 5:47 AM
  • User-396977354 posted

    Jeremy, I'm an idiot. Misspelling in rolename in sitemap file. Obviously I'm crap at triple checking (good at wasting hours though). Your posts pointed me there though, thanks again.

    Monday, November 12, 2007 10:00 AM
  • User-1705717250 posted

    Well I think you problem is with the membership you have defined.

    You do not have the applicationname defined in the web.config which will cause problems for you.

    Take a read of scoot's post on application name at http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

     

    Monday, November 12, 2007 10:14 AM
  • User-396977354 posted

    Yes, I will have to address that as well. Developing locally right now but with a move to production servers this will probably cause an issue. Will work on that shortly.....don't hang up the phone just yet ;-)

    Monday, November 12, 2007 10:20 AM
  • User-396977354 posted

    OK, on to Production servers now. I was able to set everything up ok but the application name is "/". Is this a problem? I'd like to change it but not sure if I can just do that in the "ApplicationName" and "LoweredApplicationName" fields  in the aspnet_Applications table and change my providers in web.config to match or will this cause other problems? Any pointers for that?

    Tuesday, November 13, 2007 10:04 AM
  • User-1705717250 posted

    Paul,

    No problem using "/" as the application name.

    The application name is set when setting up the application under iis. More info on this at

    http://support.microsoft.com/kb/326355 under the heading Set the virtual directory as an Internet Information Services (IIS) application

    More info on checking the data is correct in sql and the web.config at

    http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

    Hope that helpful

    Tuesday, November 13, 2007 11:04 AM
  • User-470607515 posted

     I have been having this problem as well :-(  after few hours i tried this.

     I have a Menu Control on my MasterPage and 3 different roles (plus !authenticated users) who all have a different navigation structure.

    I created a different sitemap for each role and assigned them to my SiteMapDataSource control based on Roles on login, I did this in my MasterPage code behind file.

     
    My web.config:

     

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    			<providers>
    				<add name="XmlSiteMapProvider" description="Default SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Navigation/Web.sitemap" securityTrimmingEnabled="true"/>
    				<add name="MasterAdminSiteMapProvider" description="MasterAdmin SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Navigation/MasterAdmin.sitemap" securityTrimmingEnabled="true"/>
    				<add name="CustomerAdminSiteMapProvider" description="Customer Admin SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Navigation/CustomerAdmin.sitemap" securityTrimmingEnabled="true"/>
    				<add name="UserSiteMapProvider" description="User SiteMap provider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Navigation/User.sitemap" securityTrimmingEnabled="true"/>
    			</providers>
    		</siteMap>
     
     

     my MasterPage code behind method:

     
     

    //SELECTS NAVIGATION SITEMAP PROVIDER BASED ON ROLLS
        protected void Menu1_DataBinding(object sender, EventArgs e)
        {
            if(!IsPostBack)
            {
                if (Roles.IsUserInRole("MasterAdmin"))
                {
                    SiteMapDataSource1.SiteMapProvider = "MasterAdminSiteMapProvider";
                }
                else if (Roles.IsUserInRole("CustomerAdmin"))
                {
                    SiteMapDataSource1.SiteMapProvider = "CustomerAdminSiteMapProvider";
                }
                else if (Roles.IsUserInRole("User"))
                {
                    SiteMapDataSource1.SiteMapProvider = "UserSiteMapProvider";
                }
                else
                {
                    SiteMapDataSource1.SiteMapProvider = "XmlSiteMapProvider";
                }
            }
        }
    a bit of work but it... 

     Works like a charm [:D]

    Hope it helps
     

    Tuesday, November 13, 2007 4:45 PM
  • User1489022458 posted

    Hmm... that's a good idea.

    I'll give it a try! Thanks [Yes]

    Wednesday, November 14, 2007 4:31 AM
  • User-1311022226 posted

    That's really weird; if I enable the SecurityTrimming attribute in the Web.Config file, it always works fine. If I set it to false (or remove that line), all links appear in the sitemap.

     

    Here is my Web.Config. 

     

    <?xml version="1.0"?>
    <configuration><system.web>
        <identity impersonate="true" />
        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true" >
          <providers>
            <clear />
            <add name="XmlSiteMapProvider"
                     description="Default SiteMap provider."
                     type="System.Web.XmlSiteMapProvider"
                     siteMapFile="Web.sitemap"
                     securityTrimmingEnabled="true" />
          </providers>
        </siteMap>   
     

    Hope you get it soon. 

    Monday, November 19, 2007 12:55 AM
  • User-396977354 posted

    Hi

     I'm having a problem with this also. Even though I don't have any allow/deny conditions in my config files, if I set the trimming to true then I only get links for the first parent node. Here's my sitemap and config. None of the links under "Tools and Utilities" are shown:

    <?xml version="1.0" encoding="utf-8" ?>
    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
        <siteMapNode url="default.aspx" title="Home"  description="" >
          <siteMapNode url="~/administration/Admin.aspx" title="Administrators" >
            <siteMapNode url="~/administration/User Maintenance.aspx" title="User Maintenance" />
            <siteMapNode url="~/administration/UploadTrainingDocs.aspx" title="Upload Training Docs" />
          </siteMapNode>
          <siteMapNode url="" title="Tools and Utilities" >
            <siteMapNode url="~/home/general/ImageViewing.aspx" title="View Images" />
            <siteMapNode url="~/home/general/ImageLoading.aspx" title="Load Images" /> 
          </siteMapNode> 
        </siteMapNode>
    </siteMap>

    config file:

        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
          <providers>
            <clear/>
            <add name="XmlSiteMapProvider"
                 description="Default SiteMap provider."
                 type="System.Web.XmlSiteMapProvider "
                 siteMapFile="Web.sitemap"
                 securityTrimmingEnabled="true"/>
          </providers>
        </siteMap>

     Any clues are appreciated.

    Monday, November 19, 2007 11:57 AM
  • User-1311022226 posted

    Hi

     I'm having a problem with this also. Even though I don't have any allow/deny conditions in my config files, if I set the trimming to true then I only get links for the first parent node. Here's my sitemap and config. None of the links under "Tools and Utilities" are shown:

    <?xml version="1.0" encoding="utf-8" ?>
    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
        <siteMapNode url="default.aspx" title="Home"  description="" >
          <siteMapNode url="~/administration/Admin.aspx" title="Administrators" >
            <siteMapNode url="~/administration/User Maintenance.aspx" title="User Maintenance" />
            <siteMapNode url="~/administration/UploadTrainingDocs.aspx" title="Upload Training Docs" />
          </siteMapNode>
          <siteMapNode url="" title="Tools and Utilities" >
            <siteMapNode url="~/home/general/ImageViewing.aspx" title="View Images" />
            <siteMapNode url="~/home/general/ImageLoading.aspx" title="Load Images" /> 
          </siteMapNode> 
        </siteMapNode>
    </siteMap>

    config file:

        <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
          <providers>
            <clear/>
            <add name="XmlSiteMapProvider"
                 description="Default SiteMap provider."
                 type="System.Web.XmlSiteMapProvider "
                 siteMapFile="Web.sitemap"
                 securityTrimmingEnabled="true"/>
          </providers>
        </siteMap>

     Any clues are appreciated.

     

    Hi DotNetNubie, 

    I think you should remove the leading tildas and slashes from your sitemap. It will look like this:

     

    <?xml version="1.0" encoding="utf-8" ?>
    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
        <siteMapNode url="default.aspx" title="Home"  description="" >
          <siteMapNode url="administration/Admin.aspx" title="Administrators" >
            <siteMapNode url="administration/User Maintenance.aspx" title="User Maintenance" />
            <siteMapNode url="administration/UploadTrainingDocs.aspx" title="Upload Training Docs" />
          </siteMapNode>
          <siteMapNode url="" title="Tools and Utilities" >
            <siteMapNode url="home/general/ImageViewing.aspx" title="View Images" />
            <siteMapNode url="home/general/ImageLoading.aspx" title="Load Images" /> 
          </siteMapNode> 
        </siteMapNode>
    </siteMap>


     

    Monday, November 19, 2007 8:05 PM
  • User-1705717250 posted

    Yes I have seen that before, you need to change the line in web.sitemap

    <siteMapNode url="" title="Tools and Utilities" >

    to

    <siteMapNode url="somefilename.aspx" title="Tools and Utilities" >

    but I can not tell you why because I have never found the time to read up on it, sorry 

    Hope it helps

     

    Tuesday, November 20, 2007 3:13 AM
  • User-396977354 posted

    Thank you all for your help. I removed the tildas as suggested but I think my biggest issue was the empty URL's. I really don't want to have a URL reference there. Do you know if there is a way to have a node visible as a category of links but without having the node actually linking to anything itself, as I was trying to do?

    Tuesday, November 20, 2007 4:47 AM
  • User-1705717250 posted

    Ok I have another work around then add a roles="*" like

    <siteMapNode url="" title="Tools and Utilities" roles="*" >

    Hope it helps

    Tuesday, November 20, 2007 5:28 AM
  • User-1705717250 posted

    Oh also just seen the space in the file name never a good idea, you should think about changing it.

    administration/User Maintenance.aspx

     

    Tuesday, November 20, 2007 5:31 AM
  • User-396977354 posted

    Jeremy, correct again on both counts. Roles="*" works a treat and does exactly what I need. I inherited the filenames and they are being used in a custom menu (till I, sorry, YOU got this figured out that is). I will get to those over time, I promise!!

    BTW, where do I find the "mark as answer" as you have answered a few of my questions fully here but I can't see that button to let others know.

    Tuesday, November 20, 2007 6:27 AM
  • User-1705717250 posted

    Good to hear it worked for you, the mark as answer button should be near the reply button on top of the messages.

    Many thanks

    Tuesday, November 20, 2007 9:46 AM