Re: roleProvider and Windows Authentication

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 05/21/05 

Date: Sat, 21 May 2005 00:27:20 -0700

Hello Mark,

The roles attribute is intended to specifiy roles that should see the node
in the navigation, regardless of their authorization.

"securityTrimmingEnabled" uses the <authorization> elements in web.config
to determine which nodes to show to whom.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I have a sitemap file containing all of the pages in my application so
> far. I have a menu control on a master page which uses this sitemap as
> it's datasource to build the menu. I'm using Windows authentication
> and the AspNetWindowsRoleTokenProvider but when I assign roles to a
> siteMapNode, it is still shown in the menu, even though I'm not in the
> group specified!
>
> Here's the relevant section of my web.config;
>
> <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" />
> <authentication mode="Windows"/>
>
> And my sitemap;
>
> <siteMapNode title="Registers" url="" description="">
> <siteMapNode title="New Register" url="~/registers/newregwiz.aspx"
> description="Create a new register based upon an issued reigster
> template" />
> <siteMapNode title="Edit Register" url="~/registers/editregister.aspx"
> description="Edit an existing register" />
> <siteMapNode title="Load Register" url="~/registers/loadregister.aspx"
> description="Load a Register for editing"
> SecurityTrimmingEnabled="true"
> roles="ARS_Administrators" />
> <siteMapNode title="Quick Register Entry"
> url="~/registers/qregentry.aspx"
> description="Quickly update a register" />
> <siteMapNode title="Register Entry" url="~/registers/regentry.aspx"
> description="Update a register" />
> <siteMapNode title="Register History" url="~/registers/reghist.aspx"
> description="Show the history of a register" />
> </siteMapNode>
> Any ideas why it's not working?
>