[RESOLVED] Combining web.config role authorization with web.sitemap?

**tr333** · Jun 13th, 2012, 08:54 PM

I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.

Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?

**sapator** · Jun 13th, 2012, 09:33 PM

Well this seems like a lot because you have to dig through the elements of web.config and find the correct ones.I haven't tried advanced digging on web.config but if you feel up to then have a look here and expand the example:
http://www.dotnetcurry.com/ShowArticle.aspx?ID=102

**tr333** · Jun 13th, 2012, 10:41 PM

Thanks. I'll take a look and see how I go with it.

**sapator** · Jun 14th, 2012, 12:32 AM

No problem, let us know if you have any trouble.

**tr333** · Aug 9th, 2012, 01:23 AM

It's possible to do this manually:

C# Code:

var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("/WebsiteVirtualRootThatContainsWebConfigGoesHere");
var locations = config.Locations;
 
            foreach (ConfigurationLocation location in locations)
            {
                AuthorizationSection authSection = (AuthorizationSection)location.OpenConfiguration().GetSection("system.web/authorization");
                foreach (AuthorizationRule authRule in authSection.Rules)
                {
                    switch (authRule.Action)
                    {
                        case AuthorizationRuleAction.Allow:
                            break;
                        case AuthorizationRuleAction.Deny:
                            break;
                    }
                }
            }

But it's much easier to just set securityTrimmingEnabled="true" for the Sitemap provider in web.config, and this will automatically trim down the Sitemap nodes when accessing from code to whatever the current user is authorized to view. If you want to check a url manually, then you can just use UrlAuthorizationModule.CheckUrlAccessForPrincipal.

**gep13** · Aug 9th, 2012, 01:40 AM

Hey,

Did you see my CodeBank Entry on this topic:

http://www.vbforums.com/showthread.p...75#post3625975

Gary

**tr333** · Aug 9th, 2012, 08:53 PM

I must have missed that one. I'll take a look. Thanks.

**gep13** · Aug 10th, 2012, 01:40 AM

Originally Posted by tr333

I must have missed that one. I'll take a look. Thanks.

Not a problem at all, hope it helps!

Gary

**gep13** · Aug 10th, 2012, 01:40 AM

Originally Posted by tr333

I must have missed that one. I'll take a look. Thanks.

Not a problem at all, hope it helps!

Gary

Thread: [RESOLVED] Combining web.config role authorization with web.sitemap?

Thread Tools

Display

[RESOLVED] Combining web.config role authorization with web.sitemap?

Re: Combining web.config role authorization with web.sitemap?

Re: Combining web.config role authorization with web.sitemap?

Re: Combining web.config role authorization with web.sitemap?

Re: Combining web.config role authorization with web.sitemap?

Re: [RESOLVED] Combining web.config role authorization with web.sitemap?

Re: [RESOLVED] Combining web.config role authorization with web.sitemap?

Re: [RESOLVED] Combining web.config role authorization with web.sitemap?

Re: [RESOLVED] Combining web.config role authorization with web.sitemap?

Posting Permissions