How can I secure the sitemap menu from specific users in ASP.NET 2.0?

I'm using my custom tables for the project security, in which user information is saved. My requirement is that when a user logs in to the website, he/she can see only the specific menus that are assigned to them.
I'm using Web.SiteMap for my menus. Please help: how can I achieve this task?

My code is below:
Thanks & Best Regards,
-------------------------
Muhammad Kashan Khan
Sr. Software Engineer &
Freelance Software Developer
Email: itskashanhere@hotmail.com
"OH MY ALLAH!, Grant me the serenity to accept the things I cannot change,
Courage to change the things I can,
and Wisdom to know the difference!"
0
Muhammad
5/2/2009 10:01:35 AM

You need to create a custom SiteMapProvider, override its IsAccessibleToUser method and assign it in web.config. Here's an example provider:

Provider:

 

using System;
using System.Web;
using System.Data.SqlClient;
using System.Collections.Specialized;
using System.Configuration;
using System.Web.Configuration;
using System.Collections.Generic;
using System.Configuration.Provider;
using System.Security.Permissions;
using System.Data.Common;
using System.Data;
using System.Web.Caching;
using System.Collections;
using System.IO;

namespace Heartysoft.SitemapProviders
{
    /// <summary>
    /// A SiteMapProvider that works with ASP.NET sitemaps. If security trimming is enabled, the provider
    /// looks up security codes from the "rights" attribute of each SiteMapNode in the web.sitemap file.
    /// If Session["securityCodes"] (an IList of strings) contains a code that matches a code in a page's rights
    /// attribute, then the SiteMapNode is visible to the user.
    /// </summary>
    [AspNetHostingPermission(SecurityAction.Demand, Level = AspNetHostingPermissionLevel.Minimal)]
    public class SecurityCodeBasedSiteMapProvider : XmlSiteMapProvider
    {
        /// <summary>
        /// Checks if a node is visible to the user.
        /// </summary>
        /// <param name="context">The HttpContext under which the ASP.NET request is being processed.</param>
        /// <param name="node">The SiteMapNode to be checked for visibility.</param>
        /// <returns>Returns true if the user can see the SiteMapNode.</returns>
        public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            //If security trimming is disabled, all nodes are visible.
            if (this.SecurityTrimmingEnabled == false)
                return true;

            if (node == null)
            {
                return false;
            }
           
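            //fetch rights needed for the node; a node without a rights attribute is not visible.
            string rightsAttribute = node["rights"];
            if (rightsAttribute == null)
            {
                return false;
            }
            string[] rights = rightsAttribute.Split(new char[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries);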

            if (rights.Length == 0)
            {
                return false;
            }

            foreach (string r in rights)
            {
                //Check for * in rights
                if (r == "*")
                {
                    return true;
                }
            }
            
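            //fetch user's security codes from Session (Session is null when the request has no session state).
            if (context == null || context.Session == null)
            {
                return false;
            }
            IList<string> codes = context.Session["securityCodes"] as IList<string>;
            if (codes == null)
            {
                //no security code for the user...page is not visible.
                return false;
            }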

            if (codes.Count == 0)
            {
                return false;
            }


            //check if there's a match between a string in the user's security codes and the SiteMapNode's rights.
            //a match is considered found if the user's security code starts with one of the node's rights.
            //the comparison is ordinal and case-insensitive, so it does not depend on the server's culture.
            foreach (string r in rights)
            {
                foreach (string c in codes)
                {
                    if (c.StartsWith(r, StringComparison.OrdinalIgnoreCase))
                    {
                        //match found...return true.
                        return true;
                    }
                }
            }


            //no match...node should not be visible.
            return false;
        }
    }
}

 

 

Web.config:

<system.web>
  <siteMap enabled="true" defaultProvider="SecurityCodeBasedSiteMapProvider">
    <providers>
      <add name="SecurityCodeBasedSiteMapProvider" siteMapFile="~/web.sitemap" type="Heartysoft.SitemapProviders.SecurityCodeBasedSiteMapProvider" securityTrimmingEnabled="true"/>
    </providers>
  </siteMap>
</system.web>

 

 

Web.Sitemap:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="" title="" rights="*"  description="">
      <siteMapNode url="~/default.aspx" title="default" rights="*"  description="" />
      <siteMapNode url="~/SecuredPage.aspx" title="secured page" rights="s"  description="" />
    </siteMapNode>
</siteMap>

 

That one uses some security codes in web.sitemap to filter. You will need to modify the IsAccessibleToUser method so that it works with your custom security code.


All that glitters is gold-
Only shooting stars break the mold.
0
HeartattacK
5/2/2009 10:44:49 AM
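
An added example, not part of the original posts or of the provider above: one way to fill Session["securityCodes"] from a custom rights table after login, and to repeat the same check on the page itself, because the provider only filters what the menu shows and a request sent directly to ~/SecuredPage.aspx would otherwise still be served. The table UserRights(UserId, RightCode), the connection string name AppDb, the namespace and the class names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

namespace Example.Security // hypothetical namespace
{
    public static class UserRights
    {
        private static readonly char[] Separators = new char[] { ',', ';' };

        // Call once after your own login check succeeds.
        // Assumed schema: UserRights(UserId int, RightCode varchar); assumed connection string "AppDb".
        public static void LoadIntoSession(HttpContext context, int userId)
        {
            List<string> codes = new List<string>();
            string connStr = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
            using (SqlConnection conn = new SqlConnection(connStr))
            using (SqlCommand cmd = new SqlCommand(
                "SELECT RightCode FROM UserRights WHERE UserId = @userId", conn))
            {
                // Parameterized: the user id never becomes part of the SQL text.
                cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        if (!reader.IsDBNull(0))
                            codes.Add(reader.GetString(0).Trim());
                    }
                }
            }
            // List<string> implements IList<string>, which the provider casts to.
            context.Session["securityCodes"] = codes;
        }

        // Same rule as the provider: "*" admits everyone, otherwise one of the
        // user's codes must start with one of the required rights.
        public static bool HasAny(HttpContext context, string requiredRights)
        {
            if (string.IsNullOrEmpty(requiredRights)) return false; // deny by default
            string[] rights = requiredRights.Split(Separators, StringSplitOptions.RemoveEmptyEntries);
            if (Array.IndexOf(rights, "*") >= 0) return true;
            if (context == null || context.Session == null) return false;
            IList<string> codes = context.Session["securityCodes"] as IList<string>;
            if (codes == null) return false;
            foreach (string r in rights)
                foreach (string c in codes)
                    if (c.StartsWith(r, StringComparison.OrdinalIgnoreCase)) return true;
            return false;
        }
    }

    // Base class for protected pages: hiding the menu entry does not stop a
    // direct request, so each page repeats the check on the server.
    public abstract class SecuredPage : Page
    {
        // Each page states the rights it needs, e.g. "s" for SecuredPage.aspx.
        protected abstract string RequiredRights { get; }

        protected override void OnInit(EventArgs e)
        {
            if (!UserRights.HasAny(Context, RequiredRights))
                throw new HttpException(403, "Forbidden");
            base.OnInit(e);
        }
    }
}
```

Call UserRights.LoadIntoSession(HttpContext.Current, userId) right after the login check succeeds, and let every page whose sitemap node has a rights value other than * inherit from SecuredPage with the same value.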

How can I use my custom rights? I have a table with the user ID and the rights assigned to it... Please tell me the procedure for how to lift the rights and apply them.


0
Muhammad
5/5/2009 7:08:56 AM
Where do I call IsAccessibleToUser(), and how?
0
Muhammad
5/5/2009 7:12:42 AM