ASP.NET 2.0 Beta 1 <siteMapNode> roles=""

J

Jon Edney

Hi,

I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the menu
options visible to users. However I have struck a problem. How do you use
roles= to only show items when there is no user logged in (no roles).

For example:
<siteMapNode url="" id="User" title="User Features" description="User
Features" roles="*">
<siteMapNode url="~/user/signup.aspx" title="Sign-Up"
description=""/>
<siteMapNode url="~/user/forgot.aspx" title="Forgotten Password"
description=""/>
</siteMapNode>
<siteMapNode url="" id="User" title="User Features" description="User
Features" roles="members, admin">
<siteMapNode url="~/user/changepassword.aspx" title="Change
Password" description=""/>
<siteMapNode url="~/login.aspx" title="Logout" description=""/>
</siteMapNode>

I am current using roles="*", but this is still visible to the user after
they have logged in. I only want them to see the options when they are not
logged in. I guess I need something like roles="anonymous".

Thanks for your help.

Jon Edney.
 
J

Jon Edney

Brock,

Thanks for your help. Unfortunatly I get the following error:

Exception Details: System.Configuration.ConfigurationException:
Authorization rule names cannot contain the '?' character.

Any other ideas?

Thanks,
Jon.
 
B

Brock Allen

Oh, I misunderstood what you're asking for.

Ok, quickly some background (if you already know this, my apologies). The
SiteMapDataSource will filter nodes in the tree based upon the current user's
access to the pages as controlled via the web.config's <authorization> settings.
So if a user doesn't have access to a page then it wont' show in the Menu/TreeView
(from the SiteMapDataSource). roles="" in web.sitemap is there to show nodes
that the user wouldn't normally see. Thius is to let them know it's there
but if they click/navigate on it you still get access denied via <authentication>.
Also, for nodes that point outside the application, then they're hidden and
you need to show them, typically with roles="*". So you're right -- I was
wrong in saying to use "?" because that's the default if you don't have securityTrimmingEnabled=true
in web.config.

Now, what you want is to have the node disappear when the user is not anonymmous.
To do this, add a <location> element to web.config and allow the anon user
and deny everyone else:

<location path="YourAnonPage.aspx">
<system.web>
<authorization>
<allow users="?" />
<deny users="*" />
</authorization>
</system.web>
</location>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

using AspNetActiveDirectoryMembershipProvider question 2
asp.net 2.0 menu control shows restricted item 3
Menu control error on client side 0
Need help with Menu control 0
ASP.NET 2.0 Authorization based on Combination of Allow/Deny Users/Roles. 1
AspNetActiveDirectoryMembershipProvider question 0
Sitemap & roles 0
trouble with dynamic display levels on menu 1

Members online

Total: 41 (members: 2, guests: 39)
Robots: 450

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,051
Latest member
CarleyMcCr

Latest Threads

Top