ASP.NET 2.0 Beta 1 <siteMapNode> roles=""

Discussion in 'ASP .Net Security' started by Jon Edney, Apr 12, 2005.

  1. Jon Edney

    Jon Edney Guest

    Hi,

    I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the menu
    options visible to users. However I have struck a problem. How do you use
    roles= to only show items when there is no user logged in (no roles).

    For example:
    <siteMapNode url="" id="User" title="User Features" description="User
    Features" roles="*">
    <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
    description=""/>
    <siteMapNode url="~/user/forgot.aspx" title="Forgotten Password"
    description=""/>
    </siteMapNode>
    <siteMapNode url="" id="User" title="User Features" description="User
    Features" roles="members, admin">
    <siteMapNode url="~/user/changepassword.aspx" title="Change
    Password" description=""/>
    <siteMapNode url="~/login.aspx" title="Logout" description=""/>
    </siteMapNode>

    I am current using roles="*", but this is still visible to the user after
    they have logged in. I only want them to see the options when they are not
    logged in. I guess I need something like roles="anonymous".

    Thanks for your help.

    Jon Edney.
     
    Jon Edney, Apr 12, 2005
    #1
    1. Advertising

  2. Jon Edney

    Brock Allen Guest

    Use "?" for anonymous

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Hi,
    >
    > I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
    > menu options visible to users. However I have struck a problem. How do
    > you use roles= to only show items when there is no user logged in (no
    > roles).
    >
    > For example:
    > <siteMapNode url="" id="User" title="User Features"
    > description="User
    > Features" roles="*">
    > <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
    > description=""/>
    > <siteMapNode url="~/user/forgot.aspx" title="Forgotten
    > Password"
    > description=""/>
    > </siteMapNode>
    > <siteMapNode url="" id="User" title="User Features"
    > description="User
    > Features" roles="members, admin">
    > <siteMapNode url="~/user/changepassword.aspx"
    > title="Change
    > Password" description=""/>
    > <siteMapNode url="~/login.aspx" title="Logout"
    > description=""/>
    > </siteMapNode>
    > I am current using roles="*", but this is still visible to the user
    > after they have logged in. I only want them to see the options when
    > they are not logged in. I guess I need something like
    > roles="anonymous".
    >
    > Thanks for your help.
    >
    > Jon Edney.
    >
     
    Brock Allen, Apr 12, 2005
    #2
    1. Advertising

  3. Jon Edney

    Jon Edney Guest

    Brock,

    Thanks for your help. Unfortunatly I get the following error:

    Exception Details: System.Configuration.ConfigurationException:
    Authorization rule names cannot contain the '?' character.

    Any other ideas?

    Thanks,
    Jon.

    "Brock Allen" wrote:

    > Use "?" for anonymous
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >
    >
    >
    > > Hi,
    > >
    > > I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
    > > menu options visible to users. However I have struck a problem. How do
    > > you use roles= to only show items when there is no user logged in (no
    > > roles).
    > >
    > > For example:
    > > <siteMapNode url="" id="User" title="User Features"
    > > description="User
    > > Features" roles="*">
    > > <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
    > > description=""/>
    > > <siteMapNode url="~/user/forgot.aspx" title="Forgotten
    > > Password"
    > > description=""/>
    > > </siteMapNode>
    > > <siteMapNode url="" id="User" title="User Features"
    > > description="User
    > > Features" roles="members, admin">
    > > <siteMapNode url="~/user/changepassword.aspx"
    > > title="Change
    > > Password" description=""/>
    > > <siteMapNode url="~/login.aspx" title="Logout"
    > > description=""/>
    > > </siteMapNode>
    > > I am current using roles="*", but this is still visible to the user
    > > after they have logged in. I only want them to see the options when
    > > they are not logged in. I guess I need something like
    > > roles="anonymous".
    > >
    > > Thanks for your help.
    > >
    > > Jon Edney.
    > >

    >
    >
    >
    >
     
    Jon Edney, Apr 12, 2005
    #3
  4. Jon Edney

    Brock Allen Guest

    Oh, I misunderstood what you're asking for.

    Ok, quickly some background (if you already know this, my apologies). The
    SiteMapDataSource will filter nodes in the tree based upon the current user's
    access to the pages as controlled via the web.config's <authorization> settings.
    So if a user doesn't have access to a page then it wont' show in the Menu/TreeView
    (from the SiteMapDataSource). roles="" in web.sitemap is there to show nodes
    that the user wouldn't normally see. Thius is to let them know it's there
    but if they click/navigate on it you still get access denied via <authentication>.
    Also, for nodes that point outside the application, then they're hidden and
    you need to show them, typically with roles="*". So you're right -- I was
    wrong in saying to use "?" because that's the default if you don't have securityTrimmingEnabled=true
    in web.config.

    Now, what you want is to have the node disappear when the user is not anonymmous.
    To do this, add a <location> element to web.config and allow the anon user
    and deny everyone else:

    <location path="YourAnonPage.aspx">
    <system.web>
    <authorization>
    <allow users="?" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Brock,
    >
    > Thanks for your help. Unfortunatly I get the following error:
    >
    > Exception Details: System.Configuration.ConfigurationException:
    > Authorization rule names cannot contain the '?' character.
    >
    > Any other ideas?
    >
    > Thanks,
    > Jon.
    > "Brock Allen" wrote:
    >
    >> Use "?" for anonymous
    >>
    >> -Brock
    >> DevelopMentor
    >> http://staff.develop.com/ballen
    >>> Hi,
    >>>
    >>> I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
    >>> menu options visible to users. However I have struck a problem. How
    >>> do you use roles= to only show items when there is no user logged in
    >>> (no roles).
    >>>
    >>> For example:
    >>> <siteMapNode url="" id="User" title="User Features"
    >>> description="User
    >>> Features" roles="*">
    >>> <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
    >>> description=""/>
    >>> <siteMapNode url="~/user/forgot.aspx" title="Forgotten
    >>> Password"
    >>> description=""/>
    >>> </siteMapNode>
    >>> <siteMapNode url="" id="User" title="User Features"
    >>> description="User
    >>> Features" roles="members, admin">
    >>> <siteMapNode url="~/user/changepassword.aspx"
    >>> title="Change
    >>> Password" description=""/>
    >>> <siteMapNode url="~/login.aspx" title="Logout"
    >>> description=""/>
    >>> </siteMapNode>
    >>> I am current using roles="*", but this is still visible to the user
    >>> after they have logged in. I only want them to see the options when
    >>> they are not logged in. I guess I need something like
    >>> roles="anonymous".
    >>> Thanks for your help.
    >>>
    >>> Jon Edney.
    >>>
     
    Brock Allen, Apr 12, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nate Hekman

    custom data in SiteMapNode (ASP.NET 2.0)

    Nate Hekman, Dec 1, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    3,258
    Nate Hekman
    Dec 1, 2004
  2. Replies:
    1
    Views:
    2,179
    Bruce Barker
    May 3, 2005
  3. Cal Who

    Multple roles on a SiteMapNode

    Cal Who, Feb 2, 2010, in forum: ASP .Net
    Replies:
    4
    Views:
    3,259
    Cal Who
    Feb 2, 2010
  4. Pavan
    Replies:
    1
    Views:
    381
    Paul Glavich [MVP ASP.NET]
    Jul 14, 2005
  5. Jéjé
    Replies:
    0
    Views:
    245
    Jéjé
    Sep 27, 2005
Loading...

Share This Page