J
John Yopp
I'm using Forms authentication and restricting access to a subdirectory
with a web.config:
<configuration>
<system.web>
<authorization>
<allow roles="PLAIN_USER"/>
<allow roles="ADMIN_USER"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
I also created a sitemap as follows:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home">
<siteMapNode
url="~/MemberPages/Desktop.aspx?pid=2"
title=" Plain User Home |"
description="Plain User Home Page"
roles="PLAIN_USER" />
<siteMapNode
url="~/MemberPages/Desktop.aspx?pid=1"
title=" Amdin User Home |"
description="Admin Home Page"
roles="ADMIN_USER" />
</siteMapNode>
</siteMap>
However, both the "Plain User Home" and "Admin User Home" appear in the
menu. Shouldn't the roles restricted in the sitemap override the
authorization in the web.config?
Thanks
with a web.config:
<configuration>
<system.web>
<authorization>
<allow roles="PLAIN_USER"/>
<allow roles="ADMIN_USER"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
I also created a sitemap as follows:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home">
<siteMapNode
url="~/MemberPages/Desktop.aspx?pid=2"
title=" Plain User Home |"
description="Plain User Home Page"
roles="PLAIN_USER" />
<siteMapNode
url="~/MemberPages/Desktop.aspx?pid=1"
title=" Amdin User Home |"
description="Admin Home Page"
roles="ADMIN_USER" />
</siteMapNode>
</siteMap>
However, both the "Plain User Home" and "Admin User Home" appear in the
menu. Shouldn't the roles restricted in the sitemap override the
authorization in the web.config?
Thanks