Menu Item Hiding using SiteMap
Hello,
I have a menu control which is based on a sitemap as below.
However whilst the security aspect is working i.e. users cannot access a page without being in the correct role the menu does not seem to hide any of the menu items.
I really want users only to see the help menu item before they log in, then after this point they should see all items unless they are External in which case the Uploads and Admin Items should be hidden.
Is this not possible or have I set up my sitemap wrong?
If I remove roles="*" from the first node no menu items are visible at all even after login?
Code:
<siteMapNode roles="*">
<siteMapNode title="Courses" description="" urlRoute="Products" url="products" roles="*">
</siteMapNode>
<siteMapNode url="Locations" title="Locations" description="" urlRoute="Locations" roles="Internal, ExternalAdmin"/>
<siteMapNode title="Uploads" description="" urlRoute="Uploads" url="Uploads/Event" roles="Internal, ExternalAdmin">
</siteMapNode>
<siteMapNode url="Admin" title="Admin" description="" urlRoute="Admin" roles="Internal, ExternalAdmin">
</siteMapNode>
<siteMapNode url="Help/0" title="Help and FAQ" description="" urlRoute="GSPHelp" roles="*"/>
Re: Menu Item Hiding using SiteMap
Hello,
Take a look at the Restricted Menu link in my signature, and look specifically at this section:
Quote:
Here I have enabled the securityTrimmingEnabled property. Basically what this does it tells the siteMapProvider to not show any nodes that the currently logged in user does not have access to. If this property were left as false, then the user would be able to see all nodes, it is just that when they clicked on them they would be redirected to the login page. To me, this isn't very intuitive. If the user doesn't have access to a page, then they shouldn't see a link to it.
Gary
Re: Menu Item Hiding using SiteMap
Hi yes I have the security trimming enabled feature set to on in my web config already but it is not trimming as required.
It either loses all items or none of them.
This is the snipet from my top level web config.
Code:
<configuration>
<system.web>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<clear/>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider "
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true"/>
</providers>
</siteMap>
Re: Menu Item Hiding using SiteMap
Hello,
If you download the sample application that I have attached to that post, does it work for you?
Gary
Re: Menu Item Hiding using SiteMap
Hello,
Also, rather than putting the roles on the sitemap files, (which I didn't know/think you could do), have you created the location entries in the web.config file?
Gary
Re: Menu Item Hiding using SiteMap
The authorization was set in individual web configs at the various folder levels
I have changed it now to the root config
as below
Again the security model works fine i.e. restriction of access, it is just the menu which doesnt hide the inaccessible items.
Looking at your solution I cant test it as there are no values in the database but the code looks the same.
On the default page
Code:
<asp:SiteMapDataSource runat="server" ID="siteMapDataSrc" ShowStartingNode="false"/>
<asp:Menu ID="MainMenu" runat="server" Orientation="Horizontal" DataSourceID="siteMapDataSrc"/>
config
Code:
<configuration>
<system.web>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<clear/>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider "
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true"/>
</providers>
</siteMap>
<roleManager enabled="true" />
<authentication mode="Forms">
<forms loginUrl="Default.aspx"
defaultUrl="/Account/Home.aspx"
timeout="30"
slidingExpiration="true"
cookieless="UseDeviceProfile">
</forms>
</authentication>
&
Code:
<location path="Account/Uploads/Outline">
<system.web>
<authorization>
<allow roles="Internal,ExternalAdmin"/>
<deny roles ="External"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
site map
Code:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="Default.aspx" title="Home">
<siteMapNode title="Products" description="" urlRoute="GSPCourses" url="Products">
</siteMapNode>
<siteMapNode url="Locations" title="Locations" description="" urlRoute="GSPLocations"/>
<siteMapNode title="Uploads" description="" urlRoute="GSPUploads" url="Uploads/Event">
</siteMapNode>
<siteMapNode url="Admin" title="Admin" description="" urlRoute="GSPAdmin">
</siteMapNode>
<siteMapNode url="Help/0" title="Help and FAQ" description="" urlRoute="GSPHelp"/>
</siteMapNode>
</siteMap>
Re: Menu Item Hiding using SiteMap
The sql file to generate the necessary tables etc in the database is included in the App_Data folder.
Yeah, I can't see anything obvious in what you have there.
Gary
Re: Menu Item Hiding using SiteMap
I notice you have code as below in your web config, whereas I do not.
My authentication and authorization is being handled by login control I placed on the form and how I confifugred using the asp.net configuration tool, it seems to be working but i cannot see anywhere in the config how it is connecting to the database?
Code:
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<membership>
<providers>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<profile>
<providers>
<add name="AspNetSqlProfileProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>
<roleManager enabled="true">
<providers>
<add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>
Re: Menu Item Hiding using SiteMap
Hello,
Most likely you are using the default provider setup that is configured in your computer machine.config file. I typically always override these settings in my applications web.config file.
Gary
Re: Menu Item Hiding using SiteMap
Yes I have now manually configured all my providers and security is working great.
The menu problem, I have now had this working in a fashion i.e. some items have been hidden.
If I put the actual folder path in the URL field (see below) it hides the menu item as it should for my test user, however when logged in as a authorized user clicking on the link instead of displaying the asp page it displays the folder directory, as you would guess. However I have pages routed so do not want to specify the actual full page path in the menu for the user to see?
<siteMapNode url="Account/Locations" title="Locations" description="" urlRoute="GSPLocations"/>
Re: Menu Item Hiding using SiteMap
Hello FishGuy,
Is it possible you can upload your application so that I can take a look?
Gary
