Re: using AspNetActiveDirectoryMembershipProvider question

Hi,

if you set securityTrimmingEnabled in the sitemap provider, it will read from the <authorization> section(s) to determine which links to display to the user in the navigation.

The roles attribute in the sitemap file is used to override the authorization setting - you can use AD groups (both in authorization and sitemap) - use the Domain\Groupname format.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

As anybody here used the AspNetActiveDirectoryMembershipProvider with
the SiteMap

For example mapping the roles from Active Directory to the siteMapNode
for security trimming?

What i mean is that for example below i have "roles="members" is it
possible to map AD roles to that directly?

So for example if someone with an Admin role logs in they would see
more
link than a user
and i can just add Roles from the AD to the siteMapNodes.
Is this possible?

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0";
>
<siteMapNode url="~/default.aspx" title="Home" description=""
roles="*">
<siteMapNode url="~/signup.aspx" title="Sign Up" description=""
roles="?" />
<siteMapNode url="~/pwdreminder.aspx" title="Forgot Password"
description="" />
<siteMapNode url="" title="User Settings" description=""
roles="users">
<siteMapNode url="~/_Users/myaccount.aspx" title="My Account"
description="" />
<siteMapNode url="~/_Users/changepwd.aspx" title="Reset
Password"
description="" />
</siteMapNode>
<siteMapNode url="" title="Members" description=""
roles="members">
<siteMapNode url="~/_Members/history.aspx" title="History"
description="" />
</siteMapNode>
<siteMapNode url="" title="Support" description=""
roles="support">
<siteMapNode url="~/_Support/search.aspx" title="Search"
description="" />
</siteMapNode>
<siteMapNode url="" title="Admin" description="" roles="admins">
<siteMapNode url="~/_Admins/test.aspx" title="Admin1"
description="" />
<siteMapNode url="~/_Admins/test2.aspx" title="Admin2"
description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
Any ideas?



.

Relevant Pages

  • Re: Authorization based on roles or directory access?
    ... It would be fine if the <authorization> setting was only checked as an ... security check for nodes that I in the sitemap decided to show. ... to users in "Members" role. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: User.IsInRole with * wildcard, web.sitemap etc.
    ... You don't specify any authorization requirements in web.sitemap!!! ... You use the <authorization> element in web.config for that - the sitemap just uses this information - and the role attribute in the sitemap file allows to override the information found in the authorization element for visual presentation. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Sitemap trimming with Forms auth (Active Directory)
    ... Sitemap will pick up these settings. ... The roles attribute in web.sitemap is ONLY for overriding the settings made in <authorization> ... Dim ticket As FormsAuthenticationTicket = ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authorization based on roles or directory access?
    ... Your authorization sections in the web.config file can specify a script ... But the roles attribute in the sitemap works for this authorization ... "For navigation node ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: using AspNetActiveDirectoryMembershipProvider question
    ... from the <authorization> sectionto determine which links to display to ... the user in the navigation. ... The roles attribute in the sitemap file is used to override the ... For example mapping the roles from Active Directory to the siteMapNode ...
    (microsoft.public.dotnet.framework.aspnet.security)