1

I am trying to create a sitemap menu based on roles but when I add all the roles to the root menu and then just individual roles to the individual menu items, I always get everything within the menu.

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
  <siteMapNode url="" title="Menu"  description="" roles="Role1;Role2;Role3">
    <siteMapNode url="~/page1.aspx" title=""  description="" roles="Role1;Role2;Role3">
    </siteMapNode>
    <siteMapNode url="~/page2.aspx" title=""  description="" roles="Role2; Role3">
    </siteMapNode>
    <siteMapNode url="~/page3.aspx" title=""  description="" roles="Role3">
    </siteMapNode>
  </siteMapNode>
</siteMap>

For as per above, Roles 1,2,3 can see the root menu. I am part of Role1 therefore I should only be allowed to see page1.aspx but instead I can see all three.

How to fix that?

The menu is to be shown like so:

Page1 | Page2 | Page3

so if I am only in Role1 I should see:

Page 1 |

sd_dracula
  • 3,796
  • 28
  • 87
  • 158
  • This may help http://stackoverflow.com/questions/2495605/asp-net-web-sitemap-roles-do-not-seem-to-control-visibility – Kevin Main May 22 '12 at 15:00
  • Thanks. But it seems that I cannot make the asp:menu using a sitemap files and roles since the access to each page needs to be made in the web.config file and not in the sitemap file. Kind of makes the sitemap useless for creating menus based on roles. – sd_dracula May 23 '12 at 07:37

3 Answers3

1

Did you set securityTrimmingEnabled on true?

Erwin
  • 4,757
  • 3
  • 31
  • 41
  • I did yes. But for access its fine since I can use: but problem is using the Web.sitemap which becomes useless if it is only needed to give access to users which are not in a particular role. i.e a non-Admin can be given access to admin pages if his role is added to the sitemap – sd_dracula May 23 '12 at 12:45
1

Follow 4guysfromrolla's sitemap menu tutorial Section 3 - Configuring Site Navigation to Use Security Trimmings

The site navigation settings can be configured through the Web.config file using the following pattern:

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
  <providers>
    <add name="XmlSiteMapProvider"
      description="Default SiteMap provider."
      type="System.Web.XmlSiteMapProvider"
      siteMapFile="siteMapFileName"
      securityTrimmingEnabled="true" />
  </providers>
</siteMap>

follow the article for detailed information..

Niranjan Singh
  • 18,017
  • 2
  • 42
  • 75
  • thanks that link actually explains sitemaps fully and they dont actually work as one might think, but the sitemap is only used to give extra access to people who are not in certain roles (i.e give admin access to someone who isnt in admin role) – sd_dracula May 25 '12 at 10:09
0

Yes it is enabled.

<siteMap defaultProvider="WMSSiteMapProvider">
      <providers>
        <clear/>
        <add name="WMSSiteMapProvider" type="System.Web.XmlSiteMapProvider" securityTrimmingEnabled="true" siteMapFile="WMS.sitemap"/>
      </providers>
    </siteMap>
sd_dracula
  • 3,796
  • 28
  • 87
  • 158