Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   ASP.NET 2.0 Beta 1 <siteMapNode> roles="" (http://www.velocityreviews.com/forums/t767345-asp-net-2-0-beta-1-sitemapnode-roles.html)

Jon Edney 04-12-2005 10:39 AM

ASP.NET 2.0 Beta 1 <siteMapNode> roles=""
 
Hi,

I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the menu
options visible to users. However I have struck a problem. How do you use
roles= to only show items when there is no user logged in (no roles).

For example:
<siteMapNode url="" id="User" title="User Features" description="User
Features" roles="*">
<siteMapNode url="~/user/signup.aspx" title="Sign-Up"
description=""/>
<siteMapNode url="~/user/forgot.aspx" title="Forgotten Password"
description=""/>
</siteMapNode>
<siteMapNode url="" id="User" title="User Features" description="User
Features" roles="members, admin">
<siteMapNode url="~/user/changepassword.aspx" title="Change
Password" description=""/>
<siteMapNode url="~/login.aspx" title="Logout" description=""/>
</siteMapNode>

I am current using roles="*", but this is still visible to the user after
they have logged in. I only want them to see the options when they are not
logged in. I guess I need something like roles="anonymous".

Thanks for your help.

Jon Edney.

Brock Allen 04-12-2005 03:39 PM

Re: ASP.NET 2.0 Beta 1 <siteMapNode> roles=""
 
Use "?" for anonymous

-Brock
DevelopMentor
http://staff.develop.com/ballen



> Hi,
>
> I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
> menu options visible to users. However I have struck a problem. How do
> you use roles= to only show items when there is no user logged in (no
> roles).
>
> For example:
> <siteMapNode url="" id="User" title="User Features"
> description="User
> Features" roles="*">
> <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
> description=""/>
> <siteMapNode url="~/user/forgot.aspx" title="Forgotten
> Password"
> description=""/>
> </siteMapNode>
> <siteMapNode url="" id="User" title="User Features"
> description="User
> Features" roles="members, admin">
> <siteMapNode url="~/user/changepassword.aspx"
> title="Change
> Password" description=""/>
> <siteMapNode url="~/login.aspx" title="Logout"
> description=""/>
> </siteMapNode>
> I am current using roles="*", but this is still visible to the user
> after they have logged in. I only want them to see the options when
> they are not logged in. I guess I need something like
> roles="anonymous".
>
> Thanks for your help.
>
> Jon Edney.
>





Jon Edney 04-12-2005 03:51 PM

Re: ASP.NET 2.0 Beta 1 <siteMapNode> roles=""
 
Brock,

Thanks for your help. Unfortunatly I get the following error:

Exception Details: System.Configuration.ConfigurationException:
Authorization rule names cannot contain the '?' character.

Any other ideas?

Thanks,
Jon.

"Brock Allen" wrote:

> Use "?" for anonymous
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
> > Hi,
> >
> > I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
> > menu options visible to users. However I have struck a problem. How do
> > you use roles= to only show items when there is no user logged in (no
> > roles).
> >
> > For example:
> > <siteMapNode url="" id="User" title="User Features"
> > description="User
> > Features" roles="*">
> > <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
> > description=""/>
> > <siteMapNode url="~/user/forgot.aspx" title="Forgotten
> > Password"
> > description=""/>
> > </siteMapNode>
> > <siteMapNode url="" id="User" title="User Features"
> > description="User
> > Features" roles="members, admin">
> > <siteMapNode url="~/user/changepassword.aspx"
> > title="Change
> > Password" description=""/>
> > <siteMapNode url="~/login.aspx" title="Logout"
> > description=""/>
> > </siteMapNode>
> > I am current using roles="*", but this is still visible to the user
> > after they have logged in. I only want them to see the options when
> > they are not logged in. I guess I need something like
> > roles="anonymous".
> >
> > Thanks for your help.
> >
> > Jon Edney.
> >

>
>
>
>


Brock Allen 04-12-2005 04:28 PM

Re: ASP.NET 2.0 Beta 1 <siteMapNode> roles=""
 
Oh, I misunderstood what you're asking for.

Ok, quickly some background (if you already know this, my apologies). The
SiteMapDataSource will filter nodes in the tree based upon the current user's
access to the pages as controlled via the web.config's <authorization> settings.
So if a user doesn't have access to a page then it wont' show in the Menu/TreeView
(from the SiteMapDataSource). roles="" in web.sitemap is there to show nodes
that the user wouldn't normally see. Thius is to let them know it's there
but if they click/navigate on it you still get access denied via <authentication>.
Also, for nodes that point outside the application, then they're hidden and
you need to show them, typically with roles="*". So you're right -- I was
wrong in saying to use "?" because that's the default if you don't have securityTrimmingEnabled=true
in web.config.

Now, what you want is to have the node disappear when the user is not anonymmous.
To do this, add a <location> element to web.config and allow the anon user
and deny everyone else:

<location path="YourAnonPage.aspx">
<system.web>
<authorization>
<allow users="?" />
<deny users="*" />
</authorization>
</system.web>
</location>

-Brock
DevelopMentor
http://staff.develop.com/ballen



> Brock,
>
> Thanks for your help. Unfortunatly I get the following error:
>
> Exception Details: System.Configuration.ConfigurationException:
> Authorization rule names cannot contain the '?' character.
>
> Any other ideas?
>
> Thanks,
> Jon.
> "Brock Allen" wrote:
>
>> Use "?" for anonymous
>>
>> -Brock
>> DevelopMentor
>> http://staff.develop.com/ballen
>>> Hi,
>>>
>>> I am trying to use a web.sitemap file in ASP 2.0 Beta 1 to limit the
>>> menu options visible to users. However I have struck a problem. How
>>> do you use roles= to only show items when there is no user logged in
>>> (no roles).
>>>
>>> For example:
>>> <siteMapNode url="" id="User" title="User Features"
>>> description="User
>>> Features" roles="*">
>>> <siteMapNode url="~/user/signup.aspx" title="Sign-Up"
>>> description=""/>
>>> <siteMapNode url="~/user/forgot.aspx" title="Forgotten
>>> Password"
>>> description=""/>
>>> </siteMapNode>
>>> <siteMapNode url="" id="User" title="User Features"
>>> description="User
>>> Features" roles="members, admin">
>>> <siteMapNode url="~/user/changepassword.aspx"
>>> title="Change
>>> Password" description=""/>
>>> <siteMapNode url="~/login.aspx" title="Logout"
>>> description=""/>
>>> </siteMapNode>
>>> I am current using roles="*", but this is still visible to the user
>>> after they have logged in. I only want them to see the options when
>>> they are not logged in. I guess I need something like
>>> roles="anonymous".
>>> Thanks for your help.
>>>
>>> Jon Edney.
>>>






All times are GMT. The time now is 08:03 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.