Re: using AspNetActiveDirectoryMembershipProvider question

Hi,

if you set securityTrimmingEnabled in the sitemap provider, it will read from the <authorization> section(s) to determine which links to display to the user in the navigation.

The roles attribute in the sitemap file is used to override the authorization setting - you can use AD groups (both in authorization and sitemap) - use the Domain\Groupname format.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

As anybody here used the AspNetActiveDirectoryMembershipProvider with
the SiteMap

For example mapping the roles from Active Directory to the siteMapNode
for security trimming?

What i mean is that for example below i have "roles="members" is it
possible to map AD roles to that directly?

So for example if someone with an Admin role logs in they would see
more
link than a user
and i can just add Roles from the AD to the siteMapNodes.
Is this possible?

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0";
>
<siteMapNode url="~/default.aspx" title="Home" description=""
roles="*">
<siteMapNode url="~/signup.aspx" title="Sign Up" description=""
roles="?" />
<siteMapNode url="~/pwdreminder.aspx" title="Forgot Password"
description="" />
<siteMapNode url="" title="User Settings" description=""
roles="users">
<siteMapNode url="~/_Users/myaccount.aspx" title="My Account"
description="" />
<siteMapNode url="~/_Users/changepwd.aspx" title="Reset
Password"
description="" />
</siteMapNode>
<siteMapNode url="" title="Members" description=""
roles="members">
<siteMapNode url="~/_Members/history.aspx" title="History"
description="" />
</siteMapNode>
<siteMapNode url="" title="Support" description=""
roles="support">
<siteMapNode url="~/_Support/search.aspx" title="Search"
description="" />
</siteMapNode>
<siteMapNode url="" title="Admin" description="" roles="admins">
<siteMapNode url="~/_Admins/test.aspx" title="Admin1"
description="" />
<siteMapNode url="~/_Admins/test2.aspx" title="Admin2"
description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
Any ideas?



.

Relevant Pages

  • Re: Authorization based on roles or directory access?
    ... It would be fine if the <authorization> setting was only checked as an ... security check for nodes that I in the sitemap decided to show. ... to users in "Members" role. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: User.IsInRole with * wildcard, web.sitemap etc.
    ... You don't specify any authorization requirements in web.sitemap!!! ... You use the <authorization> element in web.config for that - the sitemap just uses this information - and the role attribute in the sitemap file allows to override the information found in the authorization element for visual presentation. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Sitemap trimming with Forms auth (Active Directory)
    ... Sitemap will pick up these settings. ... The roles attribute in web.sitemap is ONLY for overriding the settings made in <authorization> ... Dim ticket As FormsAuthenticationTicket = ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authorization based on roles or directory access?
    ... Your authorization sections in the web.config file can specify a script ... But the roles attribute in the sitemap works for this authorization ... "For navigation node ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: newbie: asp.net 2.0 security question
    ... With the current settings unathenticated users cannot view the ... more sitemap nodes ...
    (microsoft.public.dotnet.framework.aspnet)