Wednesday, 9 August 2006

Anyone for some Security Trimmings?

Jeff
I have used a SiteMap in my website to give a central repository of the site structure. I have also created a ul menu using a repeater control as shown here, as again the ASP.NET menu control uses tables to perform its layout.
What I really wanted was for the menu items to only be shown to users who are authorized to view that page. I could do this is the code behind by checking the Roles.IsUserInRole() method but wanted a more declarative method using my sitemap and role provider. This can be achieved by using security trimming. Enabling this feature on the SiteMap provider results in all the url's being checked again the url authorization rules. If the current user is not authorized to view the page it will not be included in the SitMap when used at runtime as a datasource. This results in my menu not rendering the link if the user is not authorized to view the page. Coooool :-)

1 comment:

diver said...

Within Security Trimmings you state:
Enabling this feature on the SiteMap provider results in all the url's being checked again the url authorization rules. If the current user is not authorized to view the page it will not be included in the SitMap when used at runtime as a datasource. This results in my menu not rendering the link if the user is not authorized to view the page.

How do you set up url authorization rules for a user? I know you can set up Roles and assign users to Roles, then use Access Rules to state which Roles can see which folders, but I need to assign individual users to individual pages within the website. I have Roles/Memberships/Users set up, and it works perfectly to display the menu according to the user loggin in until I add a URL link to the URL attribute of the siteMapNode. Any suggestions?
Thanks much!