Wrox Programmer Forums
Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
| Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old June 19th, 2007, 11:06 AM
Friend of Wrox
Join Date: Apr 2006
Location: , , .
Posts: 160
Thanks: 0
Thanked 0 Times in 0 Posts
Default cannot hide page in sitemap using roles


i have a problem with the visibility of the sitemap.
there is one role defined: manager
There are two users: user1 (member of role manager) and user2 (not member).
The login.aspx redirects to a page with a menu control associated to a SiteMapDataSource.

I want to hide pg1 for all non-members of role manager (=user2).

I did this in:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
   <siteMapNode url="page1.aspx" title="pg1" roles="manager" >
        <siteMapNode url="page2.aspx" title="pg2" >
        <siteMapNode url="page3.aspx" title="pg3" >

in web.config:
  <roleManager enabled="true" />

  <siteMap defaultProvider="AspXmlSiteMapProvider" enabled="true">
          <add name="AspXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
            siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>

My problem: when logging with any user, that user (user2) sees all the pages, included pg1.

How to make pg1 invisible for user2 using this sitemap?

  #2 (permalink)  
Old August 21st, 2007, 12:42 PM
Registered User
Join Date: Aug 2007
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts


I am having exactly the same problem. Inspite of two users having separate role, (and web.sitemap clearly defines two separate items), after login, both the users get same menu.

While other menu items work fine as per role.
  #3 (permalink)  
Old August 21st, 2007, 12:56 PM
Imar's Avatar
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts

Hi there,

You may be misunderstanding the use of the roles attribute in the sitemap. It's used to *extend* the items beyond the roles you're in, not limit it. That is, it allows you to show items to users to which they normally don't have access.

Instead, add a <location> tag to your web.config with its path set to the file you want to protect. Then change the security settings to the correct roles.

For example:

<location path="SomeFile.aspx">
        <allow roles="Managers, Administrators" />
        <deny users="*"/>

Hope this helps.


Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004

Similar Threads
Thread Thread Starter Forum Replies Last Post
Roles and SiteMap Problem mashour BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 3 November 18th, 2008 02:10 PM
Sitemap melania ASP.NET 3.5 Basics 0 October 27th, 2008 01:20 PM
Master Page Control/Web.Sitemap Questions kwilliams ASP.NET 2.0 Professional 2 January 14th, 2007 09:32 PM
How to hide Extension of Page in URL ? savan_thakkar ASP.NET 1.0 and 1.1 Professional 9 February 24th, 2006 10:31 AM
Conditional Hide Report Page Header SGL Access VBA 0 August 30th, 2004 02:36 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.