It is a general requirement in any ASP.NET application to restrict the site navigation for certain roles and allow access for others. Recently I had to restrict the site map of my application based on the roles but as I was not aware of the available site map trimming settings, I made a similar model myself adding extra attributes to my site map nodes and as I am using a TreeView control for binding to the SiteMapDataSource, I used the TreeView DataBound method to access the SiteMapNode attributes and then checking their permission from the Database.
Fortunately the ASP.NET 2.0 provides trimming of the SiteMapNodes based on the available Roles from the underlying RolesProvider. You need to provide the roles attribute in the SiteMapNode and specify the role to which this note is accessible (* can be used for all roles).
<?xml version=”1.0″ encoding=”utf-8″ ?>
<siteMapNode title=”Support” description=”Support” url=”~/Customers/Support.aspx” roles=”Customers” />
You also need to enable the security trimming settings in the web.config as they are disabled by default.
<siteMap defaultProvider=”XmlSiteMapProvider” enabled=”true”>
<add name=”XmlSiteMapProvider” description=”Default SiteMap provider.” type=”System.Web.XmlSiteMapProvider ” siteMapFile=”Web.sitemap” securityTrimmingEnabled=”true” />
For More information about the sitemap trimming is available in MSDN here.