roles and dynamic sitemaps based on session variable

[jesibl]

Hi All,

I have an ASP .NET 2.0 web based app which should change content based
on a variable passed in the query string. Let's say the variable is
called ID and the variations are A, B and C. I put this value into a
Session variable and make changes based on that.

The website needs to provide authorisation based on roles. I was
planning on using the roles and authorisation techniques introduced by
2.0. A, B and C each have their own subset of roles e.g.

For A:
AdminA, UserA, ReadOnlyA

For B:
AdminB, UserB, ReadOnlyB

For C:
AdminC, UserC, ReadOnlyC

So if a user called Joe who is a member of UserA accesses the website
but the session variable is C, then Joe shouldn't have access to the
website. Considering that there doesn't seem to be any relationship
between session and roles, how do I implement this? Can it be done?

Also, I use a sitemap to create a menu of content. Some sitemap nodes
should be visible only to AdminA, AdminB and AdminC. How do I make
sure that this occurs considering these roles are based on a session
variable? I know you can set an attribute for each sitemap node to use
the roles and authorisation in 2.0, but when the role is based on a
session variable how do I mke this work? Do I need to dynamically
create the site map?

 

[jesibl]

FYI I managed to work out how to implement roles based on the Session
variable by essentially doing:

Session["ID"] = Response.QueryString["ID"]

If(User.IsInRole("Admin" + Session["ID"].ToString()))
{ //provide access }

The issue now is simply getting the sitemap to change what it shows
based on these roles. I know you can set the attribute in the XML at
the sitemap node level to restrict access, but when my "roles" are
being dynamically determined, I'm not sure what to do.

Seeing as a sitemap is essentially XML, do I need to dynamically create
them?