Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
|
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 19th, 2007, 05:33 PM
Friend of Wrox
 
Join Date: Apr 2006
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default problem with sitemap and role

Hi,

I have a problem with sitemap combined with role. I posted in the professional group but i reformulated here and made the things simplier:

there are two defined users: user1 and user2
there is one role: manager
user1 belongs to the role manager; user2 not.

there are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is only reserved for role manager (user1)
page2.aspx and page3.aspx is for all users.

the sitemap is:
-------------
<siteMapNode url="page1.aspx" title="pg1" roles="manager" >
        <siteMapNode url="page2.aspx" title="pg2" roles="*" >
        </siteMapNode>
        <siteMapNode url="page3.aspx" title="pg3" roles="*" >
           </siteMapNode>
      </siteMapNode>

i read somewhere on internet this:
"If the current user is in a role specified in the node's Roles property, or if Roles is "*", the node is returned. "
"If the current user is not in a role specified in the node's Roles property, then a URL authorization check is performed to determine whether the user has access to the node's URL. If the answer is yes, the node is returned. "

so i put a URL authorization in the web.config:
-----------------------------------------------------------------

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <appSettings/>
    <connectionStrings/>

  <system.web>
  <roleManager enabled="true" />
  </system.web>

  <location path="page1.aspx">
    <system.web>
      <authorization>
        <deny users="*" />
       </authorization>
    </system.web>
  </location>

   <system.web>

        <compilation debug="false" strict="false" explicit="true" />
        <pages>
            <namespaces>
                <clear />
                <add namespace="System" />
                <add namespace="System.Collections" />
                <add namespace="System.Collections.Specialized" />
                <add namespace="System.Configuration" />
                <add namespace="System.Text" />
                <add namespace="System.Text.RegularExpressions" />
                <add namespace="System.Web" />
                <add namespace="System.Web.Caching" />
                <add namespace="System.Web.SessionState" />
                <add namespace="System.Web.Security" />
                <add namespace="System.Web.Profile" />
                <add namespace="System.Web.UI" />
                <add namespace="System.Web.UI.WebControls" />
                <add namespace="System.Web.UI.WebControls.WebParts" />
                <add namespace="System.Web.UI.HtmlControls" />
            </namespaces>
        </pages>

        <authentication mode="Forms" />

      <siteMap defaultProvider="AspXmlSiteMapProvider" enabled="true">
        <providers>
          <clear/>
          <add name="AspXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0,

Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
            siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
        </providers>
      </siteMap>
    </system.web>
</configuration>

When logging as user1, i see the three pages (that's ok).
When logging with user2, i see nothing.

Because user2 is not in the role for page1, the Url authorization takes place and this page1 is hidden, but why the two others? there are roles="*" on each line in web.sitemap.

Later,I added this in web.config for testing: but this gives exactly the same: user1 sees all 3 pages, user2 nothing!

<location path="page2.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

Thanks
H.

 
Old June 20th, 2007, 07:24 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,189
Thanks: 5
Thanked 59 Times in 57 Posts
Send a message via MSN to gbianchi
Default

hi there... I don't know much about this subject, but looks like that page 2 and 3 are child of page 1, so if it hidden for user2, it will also hidden the childs.

HTH

Gonzalo

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
^^Took that from dparsons signature and he Took that from planoie's profile
================================================== =========
My programs achieved a new certification (can you say the same?):
WORKS ON MY MACHINE
http://www.codinghorror.com/blog/archives/000818.html
================================================== =========
I know that CVS was evil, and now i got the proof:
http://worsethanfailure.com/Articles...-Hate-You.aspx
================================================== =========
 
Old June 20th, 2007, 01:12 PM
Friend of Wrox
 
Join Date: Apr 2006
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks for replying ...

i changed web.sitemap into this:

 <siteMapNode title="pg1" roles="manager">
     <siteMapNode url="pagina1.aspx" title="pg1" roles="manager" >
     </siteMapNode>
        <siteMapNode url="pagina2.aspx" title="pg2" roles="*" >
        </siteMapNode>
        <siteMapNode url="pagina3.aspx" title="pg3" roles="*" >
           </siteMapNode>
      </siteMapNode>

with same problem ....


 
Old June 20th, 2007, 01:20 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,189
Thanks: 5
Thanked 59 Times in 57 Posts
Send a message via MSN to gbianchi
Default

still the same issue.. if pg1 has only manager role accepted, it will not show the rest of the page...
if you allow the sitemap for * doesn't work the way you want??? because you are still surrounding page2 and 3 with a manager role....

HTH

Gonzalo

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
^^Took that from dparsons signature and he Took that from planoie's profile
================================================== =========
My programs achieved a new certification (can you say the same?):
WORKS ON MY MACHINE
http://www.codinghorror.com/blog/archives/000818.html
================================================== =========
I know that CVS was evil, and now i got the proof:
http://worsethanfailure.com/Articles...-Hate-You.aspx
================================================== =========
 
Old June 20th, 2007, 02:58 PM
Friend of Wrox
 
Join Date: Apr 2006
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

yes, that's it:

 <siteMapNode title="" roles="*">
    <siteMapNode url="pagina1.aspx" title="pg1" roles="manager" >
    </siteMapNode>
    <siteMapNode url="pagina2.aspx" title="pg2" roles="*" >
    </siteMapNode>
    <siteMapNode url="pagina3.aspx" title="pg3" roles="*" >
    </siteMapNode>
  </siteMapNode>

thanks, but i find amazing that it's nowhere explain clearly ...

 
Old June 20th, 2007, 03:36 PM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Quote:
quote:Originally posted by hertendreef
thanks, but i find amazing that it's nowhere explain clearly ...
It's not? Try this:

http://www.google.com/search?hl=en&s...=sitemap+roles

Then read the first 8 articles or so and follow the links from those articles. You'll find some useful stuff like:

http://msdn2.microsoft.com/en-us/library/ms178428.aspx
http://msdn2.microsoft.com/en-us/library/ms178428.aspx
http://blogs.ipona.com/davids/archiv...03/02/699.aspx
http://blogs.ipona.com/davids/archive/2004/10/16.aspx

From the first link you want to read the section "Selecting Roles to Prevent Unintentional Trimming"

If your only goal is to *hide* all links that a user doesn't have access to, you don't have to do add the roles attribute in the config file. All you need to do is set securityTrimming to true, add authorization elements (using location tags or separate web.config files) to the web.config and NET handles the rest. Pages a user can't access are hidden by default.

While it may appear as odd at first, the Roles attribute is used to *expand* the number of nodes a user can see beyond their normal access rights. However, they still won't be able to see the actual pages, and get the Login screen if they try.

Cheers,

Imar

---------------------------------------
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
 
Old June 21st, 2007, 05:22 PM
Friend of Wrox
 
Join Date: Apr 2006
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for info ..






Similar Threads
Thread Thread Starter Forum Replies Last Post
Roles and SiteMap Problem mashour BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 3 November 18th, 2008 02:10 PM
Web.sitemap problem Dmitriy ASP.NET 3.5 Basics 0 October 14th, 2008 03:04 PM
Problem with Web.sitemap? Dmitriy ASP.NET 3.5 Professionals 0 October 14th, 2008 07:14 AM
dynamic sitemap problem yiyo ASP.NET 2.0 Professional 0 May 2nd, 2007 04:29 PM
Problem with Edit Role Clarke76 BOOK: ASP.NET Website Programming Problem-Design-Solution 3 January 17th, 2005 01:15 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.