0

I have a web application in ASP.NET, which has a site map.

One of these menu items must be displayed only, if the user is assigned role roleX.

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
    <siteMapNode url="~/" title="Root"  description="...">
      <siteMapNode url="" title="Menu 1"  description="" roles="*">
        <siteMapNode url="~/Default.aspx" title="Item 1"  description=""  roles="*"/>
        <siteMapNode url="~/rss.aspx" title="Subscription"  description="" roles="*" />        
      </siteMapNode>
      <siteMapNode url="~/specialPage.aspx" 
                   title="Some special page" 
                   description="" 
                   roles="roleX"/>
    </siteMapNode>
</siteMap>

In my web.config I've setup the site map and the role provider like this:

<connectionStrings>
    <add name="dbConnectionString" connectionString="Data Source=MY-MACHINE\SQLEXPRESS;Initial Catalog=MyDatabase;Persist Security Info=True;Integrated Security=SSPI" providerName="System.Data.SqlClient"/>
</connectionStrings>

...

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
        <add name="XmlSiteMapProvider"
            description="Default SiteMap provider."
            type="System.Web.XmlSiteMapProvider "
            siteMapFile="Web.sitemap"
            securityTrimmingEnabled="true"/>
    </providers>
</siteMap>

<roleManager 
    defaultProvider="SqlProvider" 
    enabled="true"
    cacheRolesInCookie="false"
    cookieName=".ASPROLES"
    cookieTimeout="30"
    cookiePath="/"
    cookieSlidingExpiration="true"
    cookieProtection="All">
<providers>
    <clear/>
    <add
        name="SqlProvider"
        type="System.Web.Security.SqlRoleProvider"
        connectionStringName="dbConnectionString" 
        applicationName="MyApp" />
</providers>
</roleManager>

There are tables

  1. aspnet_Applications
  2. aspnet_Membership
  3. aspnet_Paths
  4. aspnet_PersonalizationAllUsers
  5. aspnet_PersonalizationPerUser
  6. aspnet_Profile
  7. aspnet_Roles
  8. aspnet_SchemaVersions
  9. aspnet_Users
  10. aspnet_UsersInRoles
  11. aspnet_WebEvent_Events

in the database MyDatabase.

There are no records in the aspnet_UsersInRoles table.

So, when I launch the web application, the menu item (site map node) specialPage.aspx should not be visible (because no user is assigne the role roleX).

But it is displayed nevertheless.

2 questions:

  1. Why?
  2. What can I do in order for the menu item specialPage.aspx to be visible only, if the user is assigned the role roleX ?
Calum
  • 1,889
  • 2
  • 18
  • 36
Glory to Russia
  • 17,289
  • 56
  • 182
  • 325
  • 1
    To start trouble shooting, I would suggest programatically testing if roles are working via: if(User.IsInRole("Role")) (http://msdn.microsoft.com/en-us/library/ms127603(v=vs.110).aspx) in you code behind. Write some simple code that makes a control visible or not depending on the users role. – Mausimo May 06 '14 at 14:48
  • Next step would be to read: http://stackoverflow.com/questions/2495605/asp-net-web-sitemap-roles-do-not-seem-to-control-visibility and this post http://forums.asp.net/t/1096023.aspx?Treeview+with+Sitemap+hiding+node+based+on+roles – Mausimo May 06 '14 at 14:55

0 Answers0