I am having a problem with security trimming of menu links provided by the sitemap. If I set securityTrimmingEnabled="false", my menu works but there's no security trimming. If I set securityTrimmingEnabled="true", my menu just disappears. How can I fix this?
In web.config, I have:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true" >
<providers>
<clear />
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
In Site.master, I have:
<div class="clear hideSkiplink">
<asp:Menu ID="Menu1" runat="server" CssClass="menu" DataSourceID="SiteMapDataSource1">
</asp:Menu>
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" />
</div>
In Web.sitemap, I have:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="" title="***">
<siteMapNode url="" title="***">
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
</siteMapNode>
<siteMapNode url="" title="***">
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
</siteMapNode>
</siteMapNode>
</siteMap>
You need to specify roles on your nodes like this (as per this article http://msdn.microsoft.com/en-us/library/ms178428.aspx)
<siteMapNode title="Support" description="Support" url="~/Customers/Support.aspx" roles="Customers" />
All nodes are by default not displayed when securityTrimmingEnabled is enabled unless you are in one of the allowed roles. To allow all roles you can do this roles="*" (as described here http://blogs.msdn.com/b/dannychen/archive/2006/03/16/553005.aspx)
Related
My complete menu system is not showing when Security Trimming is enabled...
I have enabled security Trimming in Web.config as follows ...
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
My Web.sitemap is as follows ...
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode>
<siteMapNode url="index.aspx" title=" Home | " description="Home Page" />
<siteMapNode url="" title=" Add | " description="Add a Record" >
<siteMapNode url="Add_a_Locum.aspx" title=" Add New Locum " description="Add a new Locum" />
</siteMapNode>
<siteMapNode url="" title=" View | " description="View Menu" >
<siteMapNode url="All_Locums.aspx" title="All Locums " description="View Locums" />
</siteMapNode>
<siteMapNode url="" title=" My Profile | " description="Profile Info" >
<siteMapNode url="login.aspx" title="View Profile" description="View" />
<siteMapNode url="" title="Edit Profile " description="Add or Edit" />
</siteMapNode>
<siteMapNode url="" title=" Vacancies |" description="My Vacancies" >
<siteMapNode url="" title="View All" description="All Vacancies" />
<siteMapNode url="" title="View Preferred" description="Preferred" />
</siteMapNode>
<siteMapNode url="" title="Locums |" description="Locum Pages" >
<siteMapNode url="~/Locums/Locumsonly.aspx" title="Locums Only" description="Restricted Page" />
</siteMapNode>
<siteMapNode url="" title=" Appointments | " description="Appointments">
<siteMapNode url="" title="My Calendar" description="Calendar"/>
</siteMapNode>
<siteMapNode url="" title=" FAQs | " description="FAQ" />
<siteMapNode url="" title=" Help |" description="Help" target="_blank"/>
<siteMapNode url="" title=" Contact Us | " description="Contact Us" />
</siteMapNode>
</siteMap>
Thinking the problem was related to Access Rules, I have removed all access rules, but this has not helped. Basically if "Security Trimming" is enabled as "True" - none of my menu is showing, but if I change the setting to "false" the whole menu shows, but obviously does not trim.
Try this on the parent siteMapNode:
<siteMapNode roles="*">
<siteMapNode url="index.aspx" title=" Home | " description="Home Page" />
...
</siteMapNode>
I have a .sitemap file that contains all of my nodes that I want to display for my side navigation. I am having trouble displaying all of my nodes when I get to the sub level. Everything just disappears when I visit the sub-page. In otherwords, when I am in the homepage.aspx page, all of my nodes are visible. When I enter the level1a.aspx page, all of the nodes disappear. I have no code behind. Is there a setting to display all nodes? Or would I need to write code to display them all?
Here are files:
web.config
<siteMap>
<providers>
<add name="SiteMap" type="System.Web.XmlSiteMapProvider" siteMapFile="~/my.sitemap" />
</providers>
</siteMap>
control.ascx
<asp:SiteMapDataSource ID="SiteMapDataSource1" SiteMapProvider="SiteMap" runat="server" />
<asp:Menu ID="Menu1" runat="server" DataSourceID="SiteMapDataSource1"></asp:Menu>
my.sitemap
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="/HomePage.aspx" title="Home Page" description="">
<siteMapNode url="/level1.aspx" title="Level 1" description="">
<siteMapNode url="/level1a.aspx" title="Level 1 A" description="" />
<siteMapNode url="/level1b.aspx" title="Level 1 B" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
I just made the experiment and it works fine...
Double check all your pages contain a reference to your user control
This is what I did
UC
<%# Control Language="C#" AutoEventWireup="true" CodeBehind="MyMenuUC.ascx.cs" Inherits="WebApplication1.MyMenuUC" %>
<asp:SiteMapDataSource runat="server" ID="mySiteMapDataSource" ShowStartingNode="false" />
<asp:Menu runat="server" DataSourceID="mySiteMapDataSource"></asp:Menu>
Web.sitemap
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home" description="">
<siteMapNode url="~/MenuWithUC1.aspx" title="page 1" description="" />
<siteMapNode url="~/MenuWithUC2.aspx" title="page 2" description="" />
</siteMapNode>
</siteMap>
MenuWithUC1.aspx
<%# Register Src="~/MyMenuUC.ascx" TagName="SharedMenu" TagPrefix="menu" %>
....
<menu:SharedMenu runat="server" />
<asp:Button ID="Button1" Text="post me" runat="server" />
MenuWithUC2.aspx
<%# Register Src="~/MyMenuUC.ascx" TagName="SharedMenu" TagPrefix="menu" %>
....
<menu:SharedMenu runat="server" />
<asp:Button Text="post me" runat="server" />
The buttons on each page are just to test that the Menu control keeps its state on each post
try with EnableViewState = true
<asp:Menu ID="Menu1" runat="server" DataSourceID="SiteMapDataSource1" EnableViewState="true"></asp:Menu>
I'm using C# ASP.NET 4 VS2010.
I'm using membership with roles, which are already defined as usual.
I have a ~/web.sitemap file that includes this:
(The ~/ security is Allow to all.)
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="" title="" description="">
<siteMapNode url="" title="A menu for the Administrator" description="">
<siteMapNode url="~/Admin/ResetPassword.aspx" title="Reset password for a user" description="" />
<siteMapNode url="~/Admin/SendEmailToUser.aspx" title="Send e-mail to a user" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for the SIC (second in command) person" description="">
<siteMapNode url="~/SIC/UnlockUser.aspx" title="Unlock a user" description="" />
<siteMapNode url="~/SIC/ApproveUser.aspx" title="Approve a user" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for users" description="">
<siteMapNode url="~/Users/MakeYourContribute.aspx" title="Make your contribution" description="" />
<siteMapNode url="~/Users/CheckOnYourBalance.aspx" title="Check on your balance" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for anonymous visitors" description="">
<siteMapNode url="~/AboutUs.aspx" title="About us" description="" />
<siteMapNode url="~/Application.aspx" title="Send an application to join us" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
and a web.config file that ends like this:
<siteMap defaultProvider="XmlSiteMapProvider" enabled ="true">
<providers>
<add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="~/web.sitemap" securityTrimmingEnabled="true" />
</providers>
</siteMap>
</system.web>
</configuration>
My menu is based on the asp:Repeater control and looks like this:
<div>
<ul>
<li>
<asp:hyperlink runat="server" id="lnkHome" navigateurl="~/Default.aspx">Home</asp:hyperlink>
</li>
<asp:repeater runat="server" id="menu" datasourceid="SiteMapDataSource1">
<ItemTemplate>
<li>
<asp:HyperLink ID="lnkMenuItem" runat="server" NavigateUrl='<%# Eval("Url") %>'><%# Eval("Title") %></asp:HyperLink>
<asp:Repeater ID="submenu" runat="server" DataSource="<%# ((SiteMapNode) Container.DataItem).ChildNodes %>">
<HeaderTemplate>
<ul>
</HeaderTemplate>
<ItemTemplate>
<li>
<asp:HyperLink ID="lnkMenuItem" runat="server" NavigateUrl='<%# Eval("Url") %>'><%# Eval("Title") %></asp:HyperLink>
</li>
</ItemTemplate>
<FooterTemplate>
</ul>
</FooterTemplate> </asp:Repeater> </li> </ItemTemplate> </asp:Repeater> </ul>
<asp:sitemapdatasource id="SiteMapDataSource1" runat="server" showstartingnode="true" />
</div>
The security of allow/deny to folders is defined for the respective folders.
There are 4 levels of security: 1) Administrators. 2)Second In Command (SIC). 3) Users (all registered users). 4) Anonymous users.
For example, both the members of the Administrators role and the SIC role are allowed on the operate in the folder ~/SIC , but the rest of the users are restricted from it.
Now, as soon as I added the securityTrimmingEnabled="true" to the web.config, the only row I see on the menu is Home.
Have I configured anything wrong?
Are there any more configuration I need to make in order to have this security dependent menu work?
The problem is the empty URL in the menu headers.
<siteMapNode url="" title="A menu for the Administrator" description="">
It appears that the sitemap functionality is trying to determine the permissions for the empty url "", and failing.
A workaround is to modify the .sitemap file to explicitly state the roles that can access the parent nodes.
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="" title="" description="" roles="*">
<siteMapNode url="" title="A menu for the Administrator" description="" roles="Administrators">
<siteMapNode url="~/Admin/ResetPassword.aspx" title="Reset password for a user" description="" />
<siteMapNode url="~/Admin/SendEmailToUser.aspx" title="Send e-mail to a user" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for the SIC (second in command) person" description="" roles="administrators,second in command">
<siteMapNode url="~/SIC/UnlockUser.aspx" title="Unlock a user" description="" />
<siteMapNode url="~/SIC/ApproveUser.aspx" title="Approve a user" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for users" description="" roles="administrators,secondincommand,users">
<siteMapNode url="~/Users/MakeYourContribute.aspx" title="Make your contribution" description="" />
<siteMapNode url="~/Users/CheckOnYourBalance.aspx" title="Check on your balance" description="" />
</siteMapNode>
<siteMapNode url="" title="A menu for anonymous visitors" description="" roles="*">
<siteMapNode url="~/AboutUs.aspx" title="About us" description="" />
<siteMapNode url="~/Application.aspx" title="Send an application to join us" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
Admittedly, this isn't ideal, because now you are partially configuring security in two places.
Another option is to just put roles="*" on every menu header. It will still apply the permissions check on every leaf node and hide them if necessary. The downside to this is that it can then display empty menu headers.
Here is the resource which pointed me to this solution: https://web.archive.org/web/20210417091658/http://www.4guysfromrolla.com/articles/122805-1.aspx
So, here's what I'm working on. I have an ASP.NET web app, in which the sitemap is displayed on the site.master file through the web.sitemap.
Here's the site.master:
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" />
<asp:TreeView
ID="TreeView1"
runat="server"
ataSourceID="SiteMapDataSource1"
ExpandDepth="1">
</asp:TreeView>
And here's the web.sitemap:
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home" description="Home">
<siteMapNode url="" title="Projects" description="">
</siteMapNode>
<siteMapNode url="" title="Configurations" description="Configurations">
<siteMapNode url="" title="Experiments" description="Experiments">
</siteMapNode>
<siteMapNode url="" title="Cell Line" description =""></siteMapNode>
<siteMapNode url ="" title ="Drugs">
</siteMapNode>
<siteMapNode url ="" title="Manage Configurations" />
<siteMapNode url="~/ExperimentConfigurationView.aspx" title ="Configure Experiements"/>
<siteMapNode url="~/DrugConfigurationView.aspx" title="Configure Drugs"/>
</siteMapNode>
</siteMapNode>
<siteMapNode url="" title="Drug Recipes" description="">
</siteMapNode>
</siteMapNode>
</siteMap>
Now, here's where I'm running into a problem. What I'd like to do is combine this site map with a dynamically created SiteMapProvider, and populate the sub-trees of this map. For example, the Projects, Experiments, Cell Line and Drug Recipe nodes would each have a sub-tree, populated from a datebase. Anyone have input, or a suggestion as to where to start looking?
In summary - I'd like to point the leaf siteMapNodes to a SiteMapProvider.
Solution:
I added a file DrugListProvider.cs in the root directory. That holds the code for dynamically generating the sub-tree.
I placed the following node in the Web.sitemap, where I wanted the sub-tree to appear:
<siteMapNode provider="DrugListProvider"/>
Finally, I include this in the web.config file:
<siteMap>
<providers>
<add name="DrugListProvider" type="PrivoWeb.DrugListProvider"/>
</providers>
</siteMap>
I'm trying to make a menu based off of an asp.net sitemap. How do you nest the sitemap nodes so that they all appear on the same level. Here is what I have:
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode>
<siteMapNode url="~/Default.aspx" title="Home" description="link to Home" />
<siteMapNode url="~/about.aspx" title="About" description="abot" />
</siteMapNode>
</siteMap>
Here is what the code for the Menu control looks like:
<asp:Menu ID="Menu1" runat="server" BackColor="#E3EAEB"
DataSourceID="SiteMapDataSource1"
</asp:Menu>
They both appear as 2nd tier elements underneath an arrow. Sorry for the beginner question but I've never used the menu control before.
You just need to set the StaticDisplayLevels and only have one level in the sitemap file.
<asp:Menu runat="server" DataSourceID="SiteMapDataSource" StaticDisplayLevels="2" >
</asp:Menu>
An example of the web.sitemap:
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode>
<siteMapNode url="Default.aspx" title="Home" description="" />
<siteMapNode url="Page2.aspx" title="Page2" description="" />
</siteMapNode>
</siteMap>