[RESOLVED] Combining web.config role authorization with web.sitemap?
I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.
Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?
Re: Combining web.config role authorization with web.sitemap?
Well this seems like a lot because you have to dig through the elements of web.config and find the correct ones.I haven't tried advanced digging on web.config but if you feel up to then have a look here and expand the example:
http://www.dotnetcurry.com/ShowArticle.aspx?ID=102
Re: Combining web.config role authorization with web.sitemap?
Thanks. I'll take a look and see how I go with it.
Re: Combining web.config role authorization with web.sitemap?
No problem, let us know if you have any trouble.
Re: Combining web.config role authorization with web.sitemap?
It's possible to do this manually:
C# Code:
var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("/WebsiteVirtualRootThatContainsWebConfigGoesHere");
var locations = config.Locations;
foreach (ConfigurationLocation location in locations)
{
AuthorizationSection authSection = (AuthorizationSection)location.OpenConfiguration().GetSection("system.web/authorization");
foreach (AuthorizationRule authRule in authSection.Rules)
{
switch (authRule.Action)
{
case AuthorizationRuleAction.Allow:
break;
case AuthorizationRuleAction.Deny:
break;
}
}
}
But it's much easier to just set securityTrimmingEnabled="true" for the Sitemap provider in web.config, and this will automatically trim down the Sitemap nodes when accessing from code to whatever the current user is authorized to view. If you want to check a url manually, then you can just use UrlAuthorizationModule.CheckUrlAccessForPrincipal.
Re: [RESOLVED] Combining web.config role authorization with web.sitemap?
Hey,
Did you see my CodeBank Entry on this topic:
http://www.vbforums.com/showthread.p...75#post3625975
:)
Gary
Re: [RESOLVED] Combining web.config role authorization with web.sitemap?
I must have missed that one. I'll take a look. Thanks.
Re: [RESOLVED] Combining web.config role authorization with web.sitemap?
Quote:
Originally Posted by
tr333
I must have missed that one. I'll take a look. Thanks.
Not a problem at all, hope it helps!
Gary
Re: [RESOLVED] Combining web.config role authorization with web.sitemap?
Quote:
Originally Posted by
tr333
I must have missed that one. I'll take a look. Thanks.
Not a problem at all, hope it helps!
Gary