Re: roleProvider and Windows Authentication

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 05/23/05

  • Next message: Mark Parter: "Re: roleProvider and Windows Authentication" 
    To: microsoft.public.dotnet.framework.aspnet.security
Date: Sun, 22 May 2005 21:11:47 -0700

    Enable security trimming in web.config and use the authorization element - you have to authorize anyway - then use the role attribute in the sitemap file - if you want to show the links regardless of authorization.

     Dominick Baier - DevelopMentor
     http://www.leastprivilege.com

       nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<5E499710-B1F8-4C28-A17B-FC61CFE66DE3@microsoft.com>

     Thanks, that did the treat for the "broken" siteMapPath :)
     
     So, if I want to restrict/hide say, the 'Edit Register" menu item, do I add
     a roles attribute to the node in the siteMap or add an authorization element
     to the web.config file, or both?
     
     Thanks again.
     
     "ManniAT" wrote:
     
    > Hi Mark,
    >
    > as I take a close look to your sitemap I found the following:
    > <siteMapNode title="Registers" url="" description="">
    > <siteMapNode title="New Register" url="~/registers/newregwiz.aspx"
    > description="Create a new register based upon an issued reigster template" />
    > <siteMapNode title="Edit Register" url="~/registers/editregister.aspx"
    > description="Edit an existing register" />
    > <siteMapNode title="Load Register" url="~/registers/loadregister.aspx"
    > description="Load a Register for editing" SecurityTrimmingEnabled="true"
    > roles="ARS_Administrators" />
    > <siteMapNode title="Quick Register Entry" url="~/registers/qregentry.aspx"
    > description="Quickly update a register" />
    > <siteMapNode title="Register Entry" url="~/registers/regentry.aspx"
    > description="Update a register" />
    > <siteMapNode title="Register History" url="~/registers/reghist.aspx"
    > description="Show the history of a register" />
    > </siteMapNode>
    >
    > Try to Change this to:
    > <siteMapNode roles="*" title="Registers" url="" description="Everyone sees">
    > <siteMapNode title="New Register" url="~/registers/newregwiz.aspx"
    > description="Create a new register based upon an issued reigster template" />
    > <siteMapNode title="Edit Register" url="~/registers/editregister.aspx"
    > description="Edit an existing register" />
    > <siteMapNode title="Load Register" url="~/registers/loadregister.aspx"
    > description="Load a Register for editing" />
    > <siteMapNode title="Quick Register Entry" url="~/registers/qregentry.aspx"
    > description="Quickly update a register" />
    > <siteMapNode title="Register Entry" url="~/registers/regentry.aspx"
    > description="Update a register" />
    > <siteMapNode title="Register History" url="~/registers/reghist.aspx"
    > description="Show the history of a register" />
    > </siteMapNode>
    >
    > What did I change??
    > Firts I added roles="*" to the first line.
    > Then I removed (not needed) the roles="ARS_Administrators" from another node.
    >
    > Assume the following (I state - not very clear - in my post before):
    > If a node has no URL the system can't decide if this node is enabled for a specific role.
    > Default==not visible -- this means (and I did here) you have to enter the appropriate roles to such a node.
    > ---
    > If a node has an URL the system can decide what roles are allowed to see this node.
    > I prefer to leave roles out in this case - because when I make changes to the access rules,
    > thei are reflected automaticly in the siteMap.
    >
    > So give this slightly changed siteMap a chance :-)
    >
    > HTH
    >
    > Manfred
    >
    >
    >
     
     [microsoft.public.dotnet.framework.aspnet.security]

  • Next message: Mark Parter: "Re: roleProvider and Windows Authentication"

    Relevant Pages

    • Re: Serious help needed with beta 2.0 SiteMapProvider..
      ... that is exactly how the default siteMap implementation works, ... authorization element, but not for single users but for roles - why don't ... Otherwise i would look into the default SiteMap with reflector to see how ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • RE: newbie: menu / sitemap problem
      ... into a separate sitemap file and creating a new SitemapProvider that the ... And a sidebar menu to the left. ... When the "Network" menuitem in my main menu is clicked the sidebar menu ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: SiteMapPath control doesnt like named anchors in sitemap
      ... This permits the breadcrumb to correctly ... interpret where it is in relation to the sitemap and the page being viewed. ... The site has several navigation elements, all based on the standard VS2005 ... uses a smaller sitemap file to specify section headings. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: I have more than hundread links in my site map page
      ... In Google XML sitemaps protocol a single ... sitemap file can contain up to 50.000 urls. ... However, if it was a HTML sitemap, I would say ...
      (alt.internet.search-engines)
    • Convert XML file
      ... I am trying to convert an Asp.Net 2.0 XML sitemap file to a Google's ... I am posting the formats of both files. ... Asp.Net to Google sitemap. ...
      (comp.text.xml)