Trying to work with Site-Map Security Trimming

I have created a website with ASP.NET that [now] has separate folders that has .aspx forms that I want to segment by levels of authorization. I followed the 'How Site-Map Security Trimming Works and I've added the following code to my web.config file:

<siteMap defaultProvider="default">

<providers>

<clear />

<add name="default" type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap"

securityTrimmingEnabled="true" />

</providers>

</siteMap>

I have created Roles for each group and have turned on Roles. No matter what authorizations I give any Role, my treeview and my siteMapPath are blank. When I delete the above code, everything returns to normal (ie, I can see everything as I expect). Is MS leaving a few critical steps out of their docs about the code required. {I would like to be able to turn off some pages while still seeing their folders appear inaccessible to some users}

WHAT AM I DOING WRONG OR MISSING?

0
kmgma
3/13/2008 10:33:42 PM
asp.net.navigation-controls 13714 articles. 0 followers. Follow

7 Replies
714 Views

Similar Articles

[PageSpeed] 48

add this under </siteMap> in web.config 

<roleManager enabled="true"/>

and for set role to sitemap that you want you must set in MasterPage

and web.config in all folder for Role

 


If you want a thing well done, do it yourself
0
lnwThai
3/14/2008 1:11:50 AM

lnwThai:

add this under </siteMap> in web.config 

<roleManager enabled="true"/>

and for set role to sitemap that you want you must set in MasterPage

and web.config in all folder for Role

 

I understand to put that in the web config AFTER the </siteMap> tag but what do you mean for the last two lines? Are you saying I must make a change to my MasterPage AND additional entries in my web config for EACH role?
0
kmgma
3/14/2008 1:30:36 AM

Sorry to keep hoping on the same point, I think my last email cut off the whole grouping...

<roleManager enabled="true" />

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">

<providers>

<add name="XmlSiteMapProvider"

type="System.Web.XmlSiteMapProvider"

siteMapFile="web.sitemap"

securityTrimmingEnabled="true" />

</providers>

</siteMap>

 

Your line is the first line of my code before the siteMap tag. I tried sticking it at the end below /siteMap but got an error message. I guess I'm too new at this material to fully understand what I need (sorry!)

 

0
kmgma
3/14/2008 1:50:34 AM

There are a whole set of examples you can work through in the QuickStarts: http://quickstarts.asp.net/QuickStartv20/aspnet/doc/navigation/default.aspx.

Essentially, the site map takes its security from the authorization defined in web.config, but only when the securityTrimmingEnabled attribute is set to true (it defaults to false). So you first have to redefine the siteMap section, to ensure the attribute is enabled. The above definitions should work and they should be within the <system.web> section in web.config; the order doesn't matter as long as they are within the correct section.

To lock down files or folders you need to use the <authorization> section. For files (or folders) in the top folder of the site (ie the root folder) you need to use the <location> element; this specifices a particular location to which some settings apply. For example:

<location path="foo.aspx">
 <system.web>
  <authorization>
   <allow roles="Admin" />
   <deny users="*"/>
  </authorization>
 </system.web>
</location> 

This locks down foo.aspx so that only those users in the Admin role can access it. The path specified can be a folder instead of a single file, in which case the authorization applies to all files within that folder.

If you want to block anonymous users (ie those who haven't logged in), then you'll need to enable the identification of anonymous sers (again in web.config):

<anonymousIdentification enabled="true" /> 

d

0
Dave
3/14/2008 4:02:59 PM

Dave,

Yea, that's what gave me the idea in the first place. I was watching the ASP.NET video on Roles and Masterpages...I copied the code right out of the code-page and everything in sitemap and navigation page went blank. I could not bring it out until I backed that code out of my Config file. That's when I started looking up keywords trying to solve. I'll try your suggestion. and I'll check out the tutorials you recommend! Thanks

0
kmgma
3/14/2008 8:03:15 PM

I hate to sound so dense but my app still doesn't recognize my roles, Administrator can't see either of the maps (TreeView not SiteMapPath). So let me retrace my steps (sorry to be so explicite but I don't see where I'm going wrong):

1. I set up 3 roles in my Web Site Administration Tool (Admin, Registered, Unregistered) Annonymous is not defined.

2. I assign Users to one of these roles.

3. Under 'Create Access Rules, I assign (by folder) a Deny or Allow access to each role.

4. In the top level Web.config file I insert the following code:

<system.web> in this section...

<roleManager enabled="true" />

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">

<providers>

<add name="XmlSiteMapProvider"

type="System.Web.XmlSiteMapProvider"

siteMapFile="web.sitemap"

securityTrimmingEnabled="true" />

</providers>

</siteMap>

5. As a result, in each of the folders an XML file gets created, like this sample for the Admin folder.

<?xml version="1.0" encoding="utf-8"?>

<configuration>

<system.web>

<authorization>

<allow roles="Administrator" />

<deny users="*" />

</authorization>

</system.web>

</configuration>

6. What more must I do to get Admins to see the TreeView and SiteMapPath while all other users have no access?

Any help would be much appreciated!
0
kmgma
3/17/2008 3:45:31 PM

That's pretty much it. You need to make sure that you've actually got files that map to the urls in your site map; with security trimming if there is no url then the node doesn't get shown, because ASP.NET can't work out the security. I've knocked together a quick site that works, so you should be able to see from this: ipona.com/temp/website10.zip.

 If you need to have nodes that are just containers (ie they have no url, but have child nodes that do), then add the roles="*" attribute to allow the node to be seen. Or substitude * (whichmeans all roles) for a specific role name.

d

0
Dave
3/17/2008 4:16:11 PM
Reply:

Similar Artilces:

I am trying to find .NET FrameWork class libraries and ADO.NET libraries maps to hang in my cube at work or at home.
Hello,    I am in search of the .NET Framework 1.x and 2.0 and 3.0 class library maps and ADO.NET class library maps to hang/pin to my cube at work and also at home. I believe that helps understand more about the Framework and also if some thing is presented in a pictorial representation I guess I can learn more than reading whole lot of stuff.   So is there a place on the net or any company that offers this to buy or down load?   Any inputs or help me finding on this is greately appreciated.   Thanks in advance, -L   The Visual Studio magazine use...

yahoo style site navigation control for .net
Hi, Any pointers to articles or advice on setting up site navigation using vb.net? I want something like Yahoo or the Asp.net forums style links on the top of his page (e.g. Home -> Finance). All I can find on the search engines is some article on "yahoo style" site navigation which was implemented in regular (old) asp, and all the articles I see on this site refer to 'site map path' and other classes in the upcoming whidbey .net release. One of the constraints is that I have heavily customized IBS Store with lots of dynamically generated content...so I need a site nav...

TreeView with custom site map(security trimming enabled)
Hi all I am really having tough time fixing this issue, Can anyone please guide me on this.. Here is my situation, I am developing a Portal having 2 xml sitemaps(one for visitors and one for registered users) Web.sitemap (default) and Loggedin.sitemap(securitytrimming enabled) I am binding sitemaps to Treeview.When i enable my security trimming  for loggedin.sitemap  i am having these issues. 1.Sitemappath is going blank 2.Selected Node color is not changing. 3.Selected node is not expanding. Here is the code i am working on  Web.config ..............................

Security Trimming and TreeView Site Navigation in Windows mode authentication
Hi guys, I have a custom sitemap provider, which reads and loads the sitemap data from sql database which is then used with a treeview control for site navigation. Roles are also loaded from database for each node, for example AdminRole, FeesRole, CommunicationRole for the root node and only AdminRole, FeesRole for Fees node and AdminRole, CommunicationRole for Communications node as the node Roles.   I am using windows authentication and in my web.config I have authentication mode="Windows", and also Impersonate = true as this is an Intranet application. I also s...

Trying to get a 2.0 site (with AJAX.NET) working on Server 2000
I recently wrote an application using AJAX.NET (and obvioulsy .NET 2.0).  When I went to publish the site on the server I realized that neither .NET 2.0 or AJAX.NET were installed.   I downloaded both and installed.  Rebooted the server to be sure.   After I created the virtual directory, I went to check the site.  I got a parse error ont he web.config file, immediately I realized that I forgot to set the site to 2.0 from 1.1 (like I do EVERY SINGLE TIME, but that is not here nor there).    The wierd thing is, is that once I switched over to 2.0 when...

Access Net work mapped drive VB.NET
Hi I have a docuemnt mangemnt system coded in VB.NET. The system sometimes needs to get documents from Network mapped drive and shared drives. In development machine everything works fine. But when I moved the code to Test serever, it could not access the mapped drives. I tried all security settings. But still could not. I tried unc path, but it throws In valid user exception. Can anybody help m eto solve this issue. Thank you Jikk Hi Jikk, What login is your app running under? Whichever it is, it has to have permission to access the network, which ASPNET doesn'...

When u press to find the sites that u visit and try to press on a site it wont work,u must press on a site and again out side to open that side
Name: Alex Abou Merhi Email: a_aboumerhiathotmaildotcom Product: Firefox Release Candidate Summary: When u press to find the sites that u visit and try to press on a site it wont work,u must press on a site and again out side to open that side Comments: When u press to find the sites that u visited and try to press on a site it wont work(open),u must press on a site and again out side(anywhere else than the box where u see the visited site) to open that site :S please fix this problem by pressing once on the site to open it like the older versions , i think its a bug :P hope u...

Validation controls does not work on my site but work fine on my development server
Validation controls does not work on my site but work fine on my development server. Everything work well on my developemnt server but it doesn't work when I uploaded it to my website. Please help!! I'm having the same problem...Windows 2003 Small Business Server. Read this: http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=6beedd9c.0307141018.49d49062%40posting.google.com&rnum=1&prev=/groups%3Fq%3D%2522IIS%2B6%2522%2Bvalidator%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D6beedd9c.0307141018.49d49062%2540posting.google.com%26rnum%3D1...

secure sites not working
Name: H Patel Email: mailhonatyhaoodotcom Product: Firefox Summary: secure sites not working Comments: Not able to go into secure sites. e.g. not able to go into yahoo mail, or make payments Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0 From URL: http://hendrix.mozilla.org/ ...

Security trimming not working
Hello can someone tell me what im doing wrong with my sitemap? All i simply want is allow Non Restricted users to view the addNewUser.aspx (plus everything else) and the Restricted users to view everything BUT the addNewUser.aspx. I have securitytrimming enabled on the relevant sitemap in the webconfig file. I currenly have this coded in my sitemap:<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" > <siteMapNode url="" title="Site Admin" description="" roles="Non Restricted, Restricted"><siteMapNode...

Trying to Map Navigation
I have Created a SiteMap and named the File .... Web.SiteMap ..... I have also Created a Master page and named it .... Navigation.master. I created all of my webpages that I have defined in my Web.SiteMap code view and linked all the pages to the Navigation.Master page.   My Code for my Web.SiteMap is as Follows.   <sitemap> <!-- HomePage --> <siteMapNode title="Home page" description="Home Page" url="~/Home.aspx"> <!-- About page --> <siteMapNode url="~/About.aspx" title="Abo...

Validation control in composite control is not working in ajax.net v 1.0
In reference to http://forums.asp.net/thread/1545781.aspx: I have a composite control that implements ivalidator (uses Page.Validators.Add) that no longer works with the new ajax.net. what do I do to make it work again?...

Navigation and Security Trimming
Hi there Is it possible to have a siteMapNode, that is only visible to anonymous Users? With the other Roles it works perfectly. I try something like this: Web.Config: <siteMap defaultProvider="XmlSiteMapProvider" enabled="true"> <providers> <add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" /> </providers> </siteMap> Web.Sitemap: <?xml version="1.0" encoding="u...

returning from secure site to non secure site
Hi, I want to return from secure site to non secure site using Response.Redirect method but it stays in secure site dowsn't redirect to non https site. How can I fix this problem, and why it is a problem. Kind regards,Fatih UÇAR To redirect between a SSL site to a non SSL site, you have to specify the full qualified url (including the protocol) as the parameter for response.redirect. For example: Response.Redirect("http://.....") or Response.Redirect("https://.....") Thanks zhuhua for your answer yes I have specified fully qualified name that's why an alert box appears by i...

Page.User.IsInRole only working to check AD in vs.net, does not work once site is published.
 RE: Page.User.IsInRole only working to check AD in vs.net, does not work once site is published.  I checked local IIS and site is configured to annonymous and Integrated Windows Security. This is Odd. I have an an AD group on my domain. I am able to restrict diretory access via the web config allow roles pointing to it. works great everywhere I deploy. And in my master page codebehind, I can test isinrole while in VS and works great. This statement being false.  If Not (Page.User.IsInRole("mydomain\myADgroup")) Then However if I publish the site to my l...

In my bank site a browser control that offuscated the key don't works in Firefox but in IE works
Name: Allen Polo Email: polodotallenatgmaildotcom Product: Firefox Release Candidate Summary: In my bank site a browser control that offuscated the key don't works in Firefox but in IE works Comments: In my bank site a browser control that offuscated the key don't works in Firefox but in IE works. The control receive by the keyword clicking on the site avoiding typing on the keyboard. When you made clicks on letters the control works fine but when you click a number the cursor is repositioned at the beginning of the field, if the user is not careful of repositioning t...

When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just
Name: Dwight Metcalfe Email: dwmet1atgmaildotco Product: Firefox Summary: When loading gmail must always "reload" once unless using the secure loading site. When using the secure loading site loading takes four times as long. So I don't use the secure loading site, I just "reload" the other site once automatically just to save time. Hmmmmmmmm. Comments: Only been doing that about a month. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 From URL: http://hendrix.mozilla.org/ Note to reade...

Trying to load a control into a control from another control
Exactly as the subject states, I'm trying to load a control into another control from a control loaded into a page, I keep getting this error from the code I have below. I've also tried the findcontrol but it keeps coming up null. (67): 'System.Web.UI.UserControl' denotes a 'class' where a 'variable' was expected UserControl ut = ((webcontrols.BrowseItems)UserControl).LoadControl("BrowseItems"); ((webcontrols.BrowseItems)UserControl).pnl_browse_main.Controls.Add(ut); This is how we Load User controls into a content place holder. try { UserControl ctl; ctl = (UserControl)LoadControl(PagePath.ReturnPagePath(Request.QueryString["CurrentPage"])); this.contentPlaceholder.Controls.Add(ctl); } catch (Exception ex) { Response.Write(ex.Message); Response.Write("Unable to load " + (string)Session["CurrentPage"] + " control"); } You need to replace the whole ctl call with the UserControl object the you created. When you Response.Write your execption on a load fail. change the output to whatever you would like to display. By looking at your naming scheme it looks like you just want to fill a Panel. For this we usually make a Panel on the page and goto the solution explorer then drag and drop the usercontrol we wish to display into the panel. If you are not wanting to change this dynamically later in your solution the drag and drop is the easiest way to go.It's not ...

Getting "Problem in Mapping Fragment starting at line ..." error when trying to create table mappings for table associations in ADO.NET Entity Framework
 Table A: COUNTRY_LOOKUP COUNTRY_ID   smallintclustered, unique, primary key located on PRIMARY    COUNTRY_ID TABLE B: COUNTRY_MODE_RULES CARRIER_ID    intMODE_RULE_TYPE_ID    intORIG_COUNTRY_ID    smallintDEST_COUNTRY_ID    smallint clustered, unique, primary key located on PRIMARY    CARRIER_ID, MODE_RULE_TYPE_ID, ORIG_COUNTRY_ID, DEST_COUNTRY_IDThere is a foreign key relationship from COUNTRY_MODE_RULES to COUNTRY_LOOKUPORIG_COUNTRY_IDREFERENCES .COUNTRY_LOOKUP (COUNTRY_ID)DEST_CO...

Security trimming does not work on SiteMap
Yup, tried it several times without success. I have a part of the site, say ~/Administrative/ which is protected so that only people in the Administrator role gain access. If I am not logged in as Administrator and try to access it I get redirected to the login page. Now, I added all the pages of the administrative section to the web.sitemap and added the role="Administrator" and securityTrimmingEnabled="true" attributes to the sitemap node that groups the administrative pages. I see the following problems: When I name the attribute securityTrimmingEnabled I get...

Some secure sites dont work
Name: Product: Namoroka Summary: Some secure sites dont work Comments: For eg. signup.hulu.com does not load in Firefox but loads properly in IE. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Security Trimming not working as expected
I'm using Windows Authentication. I have a websitemap with several siteMapNode sections but I will only post one that I'm having issues with.<siteMapNode title="Quality Control" description="Quality Control" roles ="Everyone" > <siteMapNode url="~/QualityControl/QCMainPage.aspx" title="QC Main Page" description="QC Main Page"/><siteMapNode url="~/QualityControl/CarFilter.aspx" title="Currently Open CAR's" description="Open CAR's"/> </siteMapNode>  I...

Security trimming not working #2
Good Evening, This is a .NET 3.5 project written with VS2008 and using an MS SQL 2005 datasource.  Users can log in and log out with no problem and the data access components are working with no problem.  The issue is that the items that shouldn't be available when the site is being accessed anonymously are still available.  The web.sitemap looks like this: <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" > <siteMapNode roles="*" url="Default.aspx" title="" imageUrl="images/homebu...

site map navigation sitemappath
Hi, I have 2 question,    1) can I use multiple sitemappath control in my application to use for navigation? . 2) if I have a sitemappath for site navigation,  in which there are some pages I don't want user to see  but every page should be visible to the adminstrator, so how could I set up my sitemappath to do so? learning.. : )  Hi,1) yes.2) Take a look at Site-Map Security Trimming feature. http://msdn.microsoft.com/en-us/library/ms178428.aspx Regards,Ivan 1. Yes you can, but the SiteMapPath talks directly to the provider, so you have to con...

Web resources about - Trying to work with Site-Map Security Trimming - asp.net.navigation-controls

Site map - Wikipedia, the free encyclopedia
A site map (or sitemap ) is a list of pages of a web site accessible to crawlers or users. It can be either a document in any form used as a ...

Site map - Navigating thetelegraph.com.au website - thetelegraph.com.au
Skip to: Main Content Site Navigation Site Footer Site Search Site Map Network Navigation (other sites) news.com.au Fox Sports CareerOne Carsguide ...

Site map - Geelong Advertiser
Skip to: Main Content Site Navigation Site Footer Site Search Site Map Network Navigation (other sites) News.com.au Foxsports CareerOne CarsGuide ...

TSN.ca Site Map
The most comprehensive site on the internet for Sports from a Canadian perspective.

Site Map - People's Daily Online People's Daily Online Site Map
People'sDailyOnlineSiteMap Site Map   People'sDailyOnlineEnglishEdition (eng

Apple (United Kingdom) - Site Map
Site map for Apple.com.

Site Map - Babble
For a new generation of parents

Site Map
We have redesigned BaltimoreSun.com's navigation. Check out our quick how-to. LIKE 64° Site Map College Sports Maryland Terrapins Real Estate ...

Site map
Breaking News, Latest News and Current News from bangkokpost.com. Latest Current News: Thailand, Asia, Entertainment, Health, Business, Technology, ...

BaseballAmerica.com: Help: Site Map
The Home For Baseball Insiders

Resources last updated: 3/4/2016 11:48:45 AM