Security Trimming in ASP.Net 2.0 question

Discussion in 'ASP .Net Security' started by Patrick.O.Ige, Oct 3, 2006.

  1. Hi guys,
    Just got a questions here regarding Site Navigation
    I have SiteMapNode with Roles attribute
    The Roles are from Active Directory since i'm using Windows Auth.
    But the problem is my treeview menu is going to be huge and i would have to
    be constructing the siteMap and then assigning the proper
    roles to each node.It works fine but its not dynamic.
    So is it possible generate a siteMap file or write an applicaton that can
    split out a siteMap file.But i would need the Roles attribute to contain the
    groups from the Active Directory
    So for example <siteMapNode url="~/reports/setup/report.aspx"
    title="Setup" description="Setup Report" roles="ReportManager,Adnin,Senior
    Managers" />
    where ReportManager,Admin,Senior Managers
    role is from the AD
    Any ideas?
     
    Patrick.O.Ige, Oct 3, 2006
    #1
    1. Advertising

  2. Hi,

    the roles attribute is NOT meant to specify who can see the node. SiteMap
    pulls this information from the <authorization> element in web.config.

    The roles attribute is only used if you want to override the information
    from web.config.

    You first have to make sure your client only have access to stuff they are
    allowed, then you don't have to specify any role attribute at all.

    Maybe does not answer your question - but saves you from a security problem
    :)

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > Hi guys,
    > Just got a questions here regarding Site Navigation
    > I have SiteMapNode with Roles attribute
    > The Roles are from Active Directory since i'm using Windows Auth.
    > But the problem is my treeview menu is going to be huge and i would
    > have to
    > be constructing the siteMap and then assigning the proper
    > roles to each node.It works fine but its not dynamic.
    > So is it possible generate a siteMap file or write an applicaton that
    > can
    > split out a siteMap file.But i would need the Roles attribute to
    > contain the
    > groups from the Active Directory
    > So for example <siteMapNode url="~/reports/setup/report.aspx"
    > title="Setup" description="Setup Report"
    > roles="ReportManager,Adnin,Senior
    > Managers" />
    > where ReportManager,Admin,Senior
    > Managers
    > role is from the AD
    > Any ideas?
    >
     
    Dominick Baier, Oct 3, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul
    Replies:
    0
    Views:
    355
  2. =?Utf-8?B?TSBIYW1tZXR0?=

    Security Trimming and SiteMap

    =?Utf-8?B?TSBIYW1tZXR0?=, May 15, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    341
    =?Utf-8?B?TSBIYW1tZXR0?=
    May 15, 2006
  3. Replies:
    2
    Views:
    4,813
  4. John Yopp
    Replies:
    0
    Views:
    651
    John Yopp
    Jun 22, 2006
  5. Kbalz
    Replies:
    1
    Views:
    552
    Kbalz
    Aug 28, 2006
Loading...

Share This Page