Sitemap trimming with Forms auth (Active Directory)


CJ

Hi All,

I am trying to get a site map working using the roles tag, but cannot
get the items displaying/hiding depending on the roles. I am using
forms authentication. I have tried multiple forms of authorization
flags, adding locations etc. I've gone back to the basic configuration
just to try get the sitemap working properly so I'm not worried about
people accessing the urls directly. I will add that again. So at the
current stage the things I added to my web.config look like this:

<system.web>
  ..
  ..
  ..

  <authentication mode="Forms">
    <forms loginUrl="Logon.aspx" name="adAuthCookie" timeout="60" path="/">
    </forms>
  </authentication>
  <authorization>
    <deny users="?"/>
    <allow users="*"/>
  </authorization>
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <add name="XmlSiteMapProvider"
           description="Default SiteMap provider."
           type="System.Web.XmlSiteMapProvider "
           siteMapFile="Web.sitemap"
           securityTrimmingEnabled="true" />
    </providers>
  </siteMap>
</system.web>



My logon page seems to work fine using this method. I removed any
<location path="role names,,,"> tags just to try get the sitemap
working. The particular role I am trying to work on is called
"adviser". I have some users in active directory in this group and
some that aren't so trying to get it working for the different users.
My sitemap file looks like this:

<siteMapNode url="Default.aspx" title="Main Menu">
  <siteMapNode url="home_content.aspx" title="Home" roles="adviser" />
  ..
  ..
  etc


I tried adding the following to my global.asax to get the identity
object set up. This seems to go through fine when debugging, but not
sure if it's necessary:

Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
    If (HttpContext.Current.User IsNot Nothing) Then
        If (HttpContext.Current.User.Identity.IsAuthenticated) Then
            If (TypeName(HttpContext.Current.User.Identity) = "FormsIdentity") Then
                Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
                Dim ticket As FormsAuthenticationTicket = id.Ticket

                ' Get the stored user-data, in this case, our roles
                Dim userData As String = ticket.UserData
                Dim roles() As String = userData.Split("|"c)
                ' Replace the principal so that role checks see these roles
                HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, roles)
            End If
        End If
    End If
End Sub


Any ideas on what I'm doing wrong are much appreciated!

Conor.
 
CJ

A quick note:

I tried adding the following to the forms auth tag but it didn't fix
it:

protection="All"

Conor.
 
Dominick Baier

You have to set up authorization elements for the pages/directories. Sitemap
will pick up these settings.

The roles attribute in web.sitemap is ONLY for overriding the settings made
in <authorization>.

Add <location path="xxx"> with authorization settings.

btw - this is redundant:

<deny users="?"/>
<allow users="*"/>


Remove the allow at the end.
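
A web.config along the lines the answer describes, as an added example that is not part of the original thread. It reuses the page name and the "adviser" role from the question, and assumes the role strings placed on the principal in Application_AuthenticateRequest match that name exactly.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Logon.aspx" name="adAuthCookie" timeout="60" path="/" />
    </authentication>

    <!-- Site-wide rule: reject anonymous users. Rules are evaluated in
         order and the first match wins; authenticated users fall through
         to the inherited default allow, so no trailing allow is needed. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
             description="Default SiteMap provider."
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>

  <!-- Per-page rule. Security trimming checks URL authorization for each
       node, so this is what hides home_content.aspx from users outside
       the role, and it also blocks direct requests for the URL. -->
  <location path="home_content.aspx">
    <system.web>
      <authorization>
        <allow roles="adviser" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Without the location block every authenticated user is authorized for the page, so a roles attribute on the sitemap node has nothing to narrow: it can only show a node to additional roles, never hide one.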
 
CJ

That works perfect thanks! I think I mis-interpreted what that section
was for and just removed it :S.

Thanks very much for your guidance!

Conor.
 
