Restrict Access to your website using ASP.Net Membership Provider
NOTE: The attached sample application was written in Visual Studio 2008 Team System Edition.
NOTE: Due to the size of the database that was created, I have scripted the database as an SQL file, which you should be able to restore from.
When you use the built-in ASP.Net Providers (i.e. Membership, Roles and Profile) you have the ability to make use of the built-in controls within the Framework, such as Login, LoginView, CreateUserWizards etc.
If you use the Menu control, in conjunction with the Roles allocated to a user, then you can limit access to particular areas of your site.
For instance, within the web.config file, you could put the following entries within the configuration node:
The above means that access to a folder named Entry in the root of the website is restricted to all users apart from members of the Operator and StoreKeeper roles.
Access to a folder called Update in the root of the website is restricted to all users apart from members of the Operator role.
Access to a folder called View in the root of the website is restricted to all users apart from members of the Operator, Manager and StoreKeeper roles.
In addition to the above, it is also possible to restrict access to a particular page of the website, not just pages within a directory. This can be achieved as follows:
Here, access to the AddEditPost.aspx page is restricted to everyone except members of the Administrators, Editors, Moderators and Posters roles.
It is possible to place individual web.config files into each of the above folders and restrict the access in each of these configuration files, or you can place all your location nodes in the main web.config file of your application (this is the approach that I have taken in the attached sample).
In order to complete this technique, entries need to be made in the web.sitemap as follows:
With this in place, any menu on your website which uses the web.sitemap as its data source will dynamically change which nodes are visible based on the roles of the currently logged-in user.
Attached to this thread is a complete (basic) sample which shows this in operation. You should be able to log into the website using the following credentials:
UserName    Password
manage      manage1#
operate     operate1#
store       store1#
The "manage" user is a member of the Manager Role, the "operate" user a member of the Operator Role, and the "store" user a member of the StoreKeeper Role.
One thing to watch out for in the sample application is the configuration element in the web.config for the XmlSiteMapProvider, namely:
Code:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
  <providers>
    <add name="XmlSiteMapProvider" description="SiteMap provider which reads in .sitemap XML files." type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
  </providers>
</siteMap>
Here I have enabled the securityTrimmingEnabled property. Basically, what this does is tell the siteMapProvider not to show any nodes that the currently logged-in user does not have access to. If this property were left as false, then the user would be able to see all nodes; it is just that when they clicked on them they would be redirected to the login page. To me, this isn't very intuitive. If the user doesn't have access to a page, then they shouldn't see a link to it.
Let me know if you have any questions about the above.
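The location entries that the first post refers to did not survive on this page. The following is an added reconstruction from the post's description, not the author's original web.config: the folder and role names are taken from the post, and placing AddEditPost.aspx in the site root is an assumption.

```xml
<?xml version="1.0"?>
<!-- Added example: rebuilt from the post's description, not the sample's own file. -->
<configuration>
  <!-- Authorization rules are evaluated top to bottom and the first match wins,
       so each allow element must come before the catch-all deny. -->
  <location path="Entry">
    <system.web>
      <authorization>
        <allow roles="Operator,StoreKeeper" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Update">
    <system.web>
      <authorization>
        <allow roles="Operator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="View">
    <system.web>
      <authorization>
        <allow roles="Operator,Manager,StoreKeeper" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- A single page is restricted the same way; the path here assumes the page
       sits in the site root, which the post does not state. -->
  <location path="AddEditPost.aspx">
    <system.web>
      <authorization>
        <allow roles="Administrators,Editors,Moderators,Posters" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

securityTrimmingEnabled only controls which links the menu shows; the authorization rules above are what refuse a request for a URL that is typed in directly.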
Re: Restrict Access to your website using ASP.Net Membership Provider
Gary,
I'm assuming the Username/Password values you provided are what is to be used in your application. If so, I tried all 3 of them and they didn't seem to work. Am I missing anything?
Re: Restrict Access to your website using ASP.Net Membership Provider
Hey Blake,
Yes, the usernames and passwords in the post are the ones that I used in the sample project that was attached.
In order to use those, though, you are going to have to restore the database from the backup of the SQL that I added to the project, since I wasn't able to upload the whole database (see the second note).
If you don't want to do that, you will be able to recreate these users in your own database using the Web Administration section.
// Fragment from inside a method: xdoc, XE, siteNM, RoleName, hypTitle and
// SiteMapFileName are declared in code that is not shown.
if (xdoc.DocumentElement.ChildNodes[0].HasChildNodes)
{
    int i = 0;
    // Walk the top-level nodes under the root siteMapNode.
    foreach (XmlElement childNodesEnumerator in xdoc.DocumentElement.ChildNodes[0].ChildNodes)
    {
        // Contains is a substring test: a role whose name is part of a longer role name also matches.
        if (childNodesEnumerator.Attributes["roles"].Value.Contains(RoleName) || childNodesEnumerator.Attributes["roles"].Value.Contains("*"))
        {
            // Role already listed (or wildcard): copy the node unchanged.
            XE[i] = new XElement(siteNM + "siteMapNode", new XAttribute("title", childNodesEnumerator.Attributes["title"].Value), new XAttribute("url", childNodesEnumerator.Attributes["url"].Value), new XAttribute("roles", childNodesEnumerator.Attributes["roles"].Value));
        }
        else
        {
            // Role missing: copy the node and append RoleName to its roles list.
            XE[i] = new XElement(siteNM + "siteMapNode", new XAttribute("title", childNodesEnumerator.Attributes["title"].Value), new XAttribute("url", childNodesEnumerator.Attributes["url"].Value), new XAttribute("roles", childNodesEnumerator.Attributes["roles"].Value + "," + RoleName));
        }
        int j = 0;
        XElement[] XE1 = new XElement[50];
        // Only child nodes whose title matches the selected row are copied.
        foreach (XmlElement childNodesEnumerator1 in childNodesEnumerator.ChildNodes)
        {
            if (childNodesEnumerator1.Attributes["title"].Value == hypTitle.Text)
            {
                if (childNodesEnumerator1.Attributes["roles"].Value.Contains(RoleName) || childNodesEnumerator1.Attributes["roles"].Value.Contains("*"))
                {
                    XE1[j] = new XElement(siteNM + "siteMapNode", new XAttribute("title", childNodesEnumerator1.Attributes["title"].Value), new XAttribute("url", childNodesEnumerator1.Attributes["url"].Value), new XAttribute("roles", childNodesEnumerator1.Attributes["roles"].Value));
                }
                else
                {
                    XE1[j] = new XElement(siteNM + "siteMapNode", new XAttribute("title", childNodesEnumerator1.Attributes["title"].Value), new XAttribute("url", childNodesEnumerator1.Attributes["url"].Value), new XAttribute("roles", childNodesEnumerator1.Attributes["roles"].Value + "," + RoleName));
                }
                j++;
            }
        }
        // Unused (null) slots in XE1 are skipped by XElement.Add.
        XE[i].Add(XE1);
        i++;
    }
}
// Rebuild the sitemap document around the copied nodes and overwrite the file.
XDocument xDoc = new XDocument(
    new XDeclaration("1.0", "UTF-8", null),
    new XElement(siteNM + "siteMap",
        new XElement(siteNM + "siteMapNode", new XAttribute("title", SiteMapFileName), new XAttribute("url", ""), new XAttribute("roles", "*"),
            XE
        )
    ));
xDoc.Save(Server.MapPath(SiteMapFileName));
} // closes the enclosing method, whose opening is not shown
The code is as above. I want to update the .sitemap nodes; I used a grid of radio buttons, and I am checking every radio button and updating the node according to it.
Please help...
I have wasted so much time on it...