Geeks With Blogs
AzamSharp Some day I will know everything. I hope that day never comes.

The security trimming attribute of the SiteMap provider is a pretty cool feature for hiding links that are not approachable by a user in a given role. Yes, I think "NOT APPROACHABLE" is the correct term, as most people think about the security trimming feature in a different way (THE WRONG WAY).

Check out the Web.config settings of the Site Map below:

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
  <providers>
    <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider"
         siteMapFile="Web.siteMap" securityTrimmingEnabled="true"/>
  </providers>
</siteMap>

As you can see above, securityTrimmingEnabled is set to true, which enables security trimming on the sitemap nodes.

Here is the Web.sitemap file:

<?xml version="1.0" encoding="utf-8"?>
<siteMap>
  <siteMapNode title="Root" description="Root" url="~/">

    <siteMapNode siteMapFile="~/SomeFolder/Header.sitemap" />
    <siteMapNode siteMapFile="~/SomeFolder/Footer.sitemap" />

  </siteMapNode>

</siteMap>

Now, take a look at the Footer.sitemap since that contains the roles attribute.

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >

  <siteMapNode url="~/PostMenu.aspx" title="root">
    <siteMapNode url="~/UserPages/AddNewReply.aspx" title="Reply" />    
    <siteMapNode url="~/Admin/ApprovePosts.aspx"
    title="Delete" roles="Admin" />

  </siteMapNode>
</siteMap>

The node carrying roles="Admin" above (shown in bold in the original post) indicates that "~/Admin/ApprovePosts.aspx" should be visible only to Admin and not to all users. This also means that your Admin folder should be accessible only to Admin and no one else. For that, check out the web.config authorization section below:

<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny roles="Developer"/>
      <deny roles="User"/>
    </authorization>
  </system.web>
</location>

So, basically, what the sitemap's securityTrimmingEnabled setting does is go to the path and check whether it is approachable for the current user: if it is, the link is displayed; otherwise it is not.
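
An added example, not code from the original post: a simplified Python model of how trimming decides whether to show the roles="Admin" node, using top-down, first-match evaluation of the authorization rules above. The principals, the "Support" role, the catch-all-deny variant and the fall-through to the default allow-all rule (no parent rule matching) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Authorization rules for <location path="Admin"> as shown in the post.
PAGE_RULES = ('<authorization><allow roles="Admin"/>'
              '<deny roles="Developer"/><deny roles="User"/></authorization>')
# Comparison variant ending in a catch-all deny (added for this example).
STRICT_RULES = '<authorization><allow roles="Admin"/><deny users="*"/></authorization>'

# Constructed principals: (name, roles). None is an anonymous request;
# "Support" is a made-up role that none of the rules mention.
PRINCIPALS = [("alice", {"Admin"}), ("bob", {"User"}), ("carol", {"Developer"}),
              ("dave", {"Support"}), (None, set())]

def _names(rule, attr):
    """Split a comma-separated roles/users attribute into a clean list."""
    return [v.strip() for v in rule.get(attr, "").split(",") if v.strip()]

def url_allowed(rules_xml, user, roles):
    """Evaluate allow/deny rules top-down; the first rule that matches decides."""
    for rule in ET.fromstring(rules_xml):
        hit = any(r in roles for r in _names(rule, "roles"))
        for u in _names(rule, "users"):
            hit = hit or u == "*" or (u == "?" and user is None) \
                or (user is not None and u == user)
        if hit:
            return rule.tag == "allow"
    # Assumption: no parent config rule matches, so the default allow-all applies.
    return True

def node_shown(node_roles, rules_xml, user, roles):
    """Trimming model: keep the node if a roles entry matches, else if the URL is allowed."""
    if "*" in node_roles or any(r in roles for r in node_roles):
        return True
    return url_allowed(rules_xml, user, roles)

def who_sees_admin_link(rules_xml):
    """Constructed principals for whom the roles="Admin" node is not trimmed."""
    return [name or "anonymous" for name, roles in PRINCIPALS
            if node_shown({"Admin"}, rules_xml, name, roles)]

if __name__ == "__main__":
    print("rules from the post:", who_sees_admin_link(PAGE_RULES))
    print("with catch-all deny:", who_sees_admin_link(STRICT_RULES))
```

Under the rules from the post, a user in neither Developer nor User, or an anonymous visitor, matches no rule, so the link is not trimmed and the folder stays reachable. Ending the rule list with <deny users="*"/> leaves the link visible to Admin only.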

 


Posted on Tuesday, May 2, 2006 10:21 PM


Comments on this post: Security Trimming in SiteMaps

# re: Security Trimming in SiteMaps
What file type on this sitemap?
Left by Wils on Jun 02, 2006 3:34 AM

# re: Security Trimming in SiteMaps
It's a pain to have to set rules for access for all the files...
There should be a way to manage the display of menus based only on the sitemap
Left by Simone on Jun 21, 2007 6:06 PM

# re: Security Trimming in SiteMaps
It's nice...
but can you tell me please how to disable or enable a menu in sitemap
Left by sachin on Jan 14, 2008 8:44 PM

# re: Security Trimming in SiteMaps
I have a menu item in which one static item is ADMIN.

I want to disable this item when a normal user logs in, and enable it when an Admin logs in.

Please reply. Urgently
Left by azhar on Aug 12, 2010 6:12 PM



Copyright © Mohammad Azam | Powered by: GeeksWithBlogs.net