asp.netsitemaproleprovidersitemapprovidersecurity-trimming

Sitemap security trimming using roles attributes only, and not allow/deny rules elsewhere


I am aware that the tag has the "roles" attribute to make up for the nodes that don't have the "url" attribute, which can be resolved in other ways. I'm not interested in these other ways, though, I'd like to have all my permissions set in my sitemap file. How to accomplish this?

I'm using custom RoleProvider, custom MembershipProvider, and the default XmlSiteMapProvider. I also have a security IHttpModule to prevent people from getting there using a direct URL. I'm open to different approaches.

Thanks in advance!


Solution

  • You can implement your own XmlSiteMapProvider and override the IsAccessibleToUser method.

    public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
    {
         return <condition in which access is allowed>
    }