ASP.NET SiteMap Security Trimmings

It is a general requirement in any ASP.NET application to restrict the site navigation for certain roles and allow access for others. Recently I had to restrict the site map of my application based on the roles but as I was not aware of the available site map trimming settings, I made a similar model myself adding extra attributes to my site map nodes and as I am using a TreeView control for binding to the SiteMapDataSource, I used the TreeView DataBound method to access the SiteMapNode attributes and then checking their permission from the Database.

Fortunately the ASP.NET 2.0 provides trimming of the SiteMapNodes based on the available Roles from the underlying RolesProvider. You need to provide the roles attribute in the SiteMapNode and specify the role to which this note is accessible (* can be used for all roles).

<?xml version=”1.0″ encoding=”utf-8″ ?>

<siteMap>

<siteMapNode title=”Support” description=”Support” url=”~/Customers/Support.aspx” roles=”Customers” />

</siteMap>

You also need to enable the security trimming settings in the web.config as they are disabled by default.

<system.web>

<siteMap defaultProvider=”XmlSiteMapProvider” enabled=”true”>

<providers>

<add name=”XmlSiteMapProvider” description=”Default SiteMap provider.” type=”System.Web.XmlSiteMapProvider ” siteMapFile=”Web.sitemap” securityTrimmingEnabled=”true” />

</providers>

</siteMap>

</system.web>

For More information about the sitemap trimming is available in MSDN here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s