C
Chris
Hi,
i have a problem with sitemap combined with roles.
I already posted this but i reformulated simplier: here:
there are two defined users: user1 and user2
there is one role: manager
user1 belongs to the role manager; user2 not.
there are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is only reserved for role manager (user1)
page2.aspx and page3.aspx is for all users.
the sitemap is:
-------------
<siteMapNode url="page1.aspx" title="pg1" roles="manager" >
<siteMapNode url="page2.aspx" title="pg2" roles="*" >
</siteMapNode>
<siteMapNode url="page3.aspx" title="pg3" roles="*" >
</siteMapNode>
</siteMapNode>
i read somewhere this:
If the current user is in a role specified in the node's Roles property, or
if Roles is "*", the node is returned.
If the current user is not in a role specified in the node's Roles property,
then a URL authorization check is performed to determine whether the user
has access to the node's URL. If the answer is yes, the node is returned.
so i put a URL authorization in the web.config:
-------------------------------------------
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings/>
<system.web>
<roleManager enabled="true" />
</system.web>
<location path="pagina1.aspx">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="false" strict="false" explicit="true" />
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
</pages>
<authentication mode="Forms" />
<siteMap defaultProvider="AspXmlSiteMapProvider" enabled="true">
<providers>
<clear/>
<add name="AspXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
</system.web>
</configuration>
When logging as user1, i see the three pages (that's ok).
When logging with user2, i see nothing.
Because user2 is not in the role for page1, the Url authorization takes
place and this page is hidden, but why the two others? there are roles="*"
on each line in web.sitemap.
Later,I added this in web.config for testing: but this gives exactly the
same: user1 sees all 3 pages, user2 nothing!
<location path="page2.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Thanks
Chris
i have a problem with sitemap combined with roles.
I already posted this but i reformulated simplier: here:
there are two defined users: user1 and user2
there is one role: manager
user1 belongs to the role manager; user2 not.
there are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is only reserved for role manager (user1)
page2.aspx and page3.aspx is for all users.
the sitemap is:
-------------
<siteMapNode url="page1.aspx" title="pg1" roles="manager" >
<siteMapNode url="page2.aspx" title="pg2" roles="*" >
</siteMapNode>
<siteMapNode url="page3.aspx" title="pg3" roles="*" >
</siteMapNode>
</siteMapNode>
i read somewhere this:
If the current user is in a role specified in the node's Roles property, or
if Roles is "*", the node is returned.
If the current user is not in a role specified in the node's Roles property,
then a URL authorization check is performed to determine whether the user
has access to the node's URL. If the answer is yes, the node is returned.
so i put a URL authorization in the web.config:
-------------------------------------------
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings/>
<system.web>
<roleManager enabled="true" />
</system.web>
<location path="pagina1.aspx">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="false" strict="false" explicit="true" />
<pages>
<namespaces>
<clear />
<add namespace="System" />
<add namespace="System.Collections" />
<add namespace="System.Collections.Specialized" />
<add namespace="System.Configuration" />
<add namespace="System.Text" />
<add namespace="System.Text.RegularExpressions" />
<add namespace="System.Web" />
<add namespace="System.Web.Caching" />
<add namespace="System.Web.SessionState" />
<add namespace="System.Web.Security" />
<add namespace="System.Web.Profile" />
<add namespace="System.Web.UI" />
<add namespace="System.Web.UI.WebControls" />
<add namespace="System.Web.UI.WebControls.WebParts" />
<add namespace="System.Web.UI.HtmlControls" />
</namespaces>
</pages>
<authentication mode="Forms" />
<siteMap defaultProvider="AspXmlSiteMapProvider" enabled="true">
<providers>
<clear/>
<add name="AspXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
</system.web>
</configuration>
When logging as user1, i see the three pages (that's ok).
When logging with user2, i see nothing.
Because user2 is not in the role for page1, the Url authorization takes
place and this page is hidden, but why the two others? there are roles="*"
on each line in web.sitemap.
Later,I added this in web.config for testing: but this gives exactly the
same: user1 sees all 3 pages, user2 nothing!
<location path="page2.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Thanks
Chris