ASP.NET security trimming problem no fine grained control possible? - asp.net

I have this sitemap:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
<siteMapNode>
<siteMapNode url="www.google.com" title="Google" roles="*" />
<siteMapNode url="www.zdnet.com" title="Zdnet" roles="NonExistingRole" />
<siteMapNode url="www.microsoft.com" title="Microsoft" roles="*" />
<siteMapNode url="www.bing.com" title="Bing" roles="*" />
</siteMapNode>
</siteMap>
I am using a custom roleprovider configured like this (this works whenever I call for example the GetRolesForUser method):
<authentication mode="Windows"/>
<roleManager enabled="true" defaultProvider="MyProvider">
<providers>
<clear/>
<add name="MyProvider" type="CustomProviders.MyTestRoleProvider, CustomProviders, Version=1.0.0.0, Culture=neutral"/>
</providers>
</roleManager>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<clear/>
<add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
What I expect is that the node with roles="NonExistingRoles" would not get visualized but it does. How to solve this problem?
Also do I need to turn on ?

Apparently it's because the root siteMapNode also needs a roles attribute set to * like this:
<siteMapNode roles="*">

Related

Web.config Transform not working for SessionState or OutputCache elements

My original web config:
<sessionState mode="Custom" customProvider="SessionStateStore" timeout="5">
<providers>
<add name="SessionStateStore" throwOnError="false" type="Microsoft.Web.Redis.RedisSessionStateProvider" host="localhost" accessKey="sessionstate" port="6379" ssl="false" applicationName="ezimanager" connectionTimeoutInMilliseconds="30000" operationTimeoutInMilliseconds="30000" />
</providers>
</sessionState>
<caching>
<outputCache defaultProvider="RedisOutputCache">
<providers>
<add name="RedisOutputCache" type="Microsoft.Web.Redis.RedisOutputCacheProvider" host="localhost" accessKey="outputcache" port="6379" ssl="false" connectionTimeoutInMilliseconds="30000" operationTimeoutInMilliseconds="30000" />
</providers>
</outputCache>
</caching>
I have tried xdt:Locator="XPath(/configuration/system.web/caching/outputCache)" on the element, and set attributes on the add elements.
I've tried xdt:Transform="SetAttributes(host,accessKey,ssl,port)" xdt:Locator="Match(name)" on the add elements, or even just xdt:Transform="SetAttributes"
The current transform looks like:
<system.web>
<sessionState mode="Custom" customProvider="SessionStateStore" timeout="5">
<providers>
<add name="SessionStateStore"
throwOnError="false"
type="Microsoft.Web.Redis.RedisSessionStateProvider"
host="actualHost"
accessKey="actualAccessKey"
port="6380"
ssl="true"
applicationName="ezimanager"
connectionTimeoutInMilliseconds="30000"
operationTimeoutInMilliseconds="30000"
xdt:Transform="SetAttributes(host,accessKey,ssl,port)"
xdt:Locator="Match(name)" />
</providers>
</sessionState>
<caching>
<outputCache defaultProvider="RedisOutputCache">
<providers>
<add name="RedisOutputCache"
type="Microsoft.Web.Redis.RedisOutputCacheProvider"
host="actualHost"
accessKey="actualAccessKey"
port="6380"
ssl="true"
connectionTimeoutInMilliseconds="30000"
operationTimeoutInMilliseconds="30000"
xdt:Transform="SetAttributes(host,accessKey,ssl,port)"
xdt:Locator="Match(name)"/>
</providers>
</outputCache>
</caching>
</system.web>
The only difference I have managed to affect is occasionally the transform fails completely. Otherwise no change occurs. What am I missing?
Our web.config file has a <location path="." inheritInChildApplications="false"> element surrounding the system.web element

XmlSiteMapProvider only parses the first node

I have an annoying problem and I can't find any start of a solution, so I hope you can help me.
I have a sitemap with roles defined for each node:
<?xml version="1.0" encoding="utf-8"?>
<siteMap enableLocalization="true">
<siteMapNode title="" url="" roles="">
<siteMapNode title="default" url="~/Default.aspx" roles="user" />
<siteMapNode title="supervision" url="~/EcranSupervision.aspx" roles="Admin" />
<siteMapNode title="exploitation" url="~/ChaineTraitementList.aspx" roles="Admin" />
</siteMapNode>
</siteMap>
And in my web.config, I enable security and I use a custom provider:
<siteMap defaultProvider="MainMenuSitemap">
<providers>
<add name="MainMenuSitemap" type="UbiXmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
</providers>
</siteMap>
In my provider, I only override IsAccessibleToUser to do my logic:
public class UbiXmlSiteMapProvider : XmlSiteMapProvider
{
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
// custom logic here
}
}
My problem is that the node used in IsAccessibleToUser is always the one with the url "Default.aspx".
So if I have the role to see it, all the nodes are shown, and if I don't have the role, none of the nodes are shown.
I don't understand what is wrong here.
Do you have a hint for me?

asp.net getting error when trying to get or set profile properties

I'm having trouble figuring out why I'm getting this error message:
A network-related or instance-specific error occurred while establishing a connection to
SQL Server. The server was not found or was not accessible. Verify that the instance name
is correct and that SQL Server is configured to allow remote connections. (provider: SQL
Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
I have a simple membership and rolemanager set up and working properly like this:
<connectionStrings>
<add name="GustaafConnectionString" connectionString="Data Source=ROBBIE-PC\PHL;Initial Catalog=Gustaaf;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<authentication mode="Forms">
<forms timeout="1440" protection="All" slidingExpiration="true"/>
</authentication>
<anonymousIdentification enabled="true"/>
<roleManager enabled="true" defaultProvider="RoleProvider">
<providers>
<add connectionStringName="GustaafConnectionString" applicationName="Gustaaf" name="RoleProvider" type="System.Web.Security.SqlRoleProvider"/>
</providers>
</roleManager>
<membership defaultProvider="MembershipProvider">
<providers>
<clear/>
<add name="MembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="GustaafConnectionString"
applicationName="Gustaaf" enablePasswordRetrieval="true" enablePasswordReset="false" requiresQuestionAndAnswer="true"
requiresUniqueEmail="false" passwordFormat="Encrypted"/>
</providers>
</membership>
That's great and all, but the error happens here:
<profile>
<properties>
<add
name="numberOfVisits"
type="Int32"
defaultValue="0"
allowAnonymous="true" />
<group name="Address">
<add name="City"
defaultValue="NA"/>
<add name="PostalCode"
type="Int32"
defaultValue="0"/>
<add name="Street"
defaultValue="NA" />
<add name="Number"
type="Int32"
defaultValue="0" />
</group>
<add name="PhoneNumber"
defaultValue="NA"/>
<add name="DateOfBirth" type="DateTime"
defaultValue="GetDate()"/>
</properties>
</profile>
As soon as I try to access these properties from a website like for example the masterpage, I get the error message above. Here's what I'm doing:
protected void Page_PreRender()
{
if (Profile.IsAnonymous)
{
Profile.numberOfVisits++;
}
}
Could someone explain to me why I'm getting this message?
You need to define a provider for the profile like you have done for Roles/Membership, so something like this:
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="GustaafConnectionString"
applicationName="Gustaaf" />
</providers>
<properties>
<!-- Properties Here -->
</properties>
</profile>
See here for full reference http://msdn.microsoft.com/en-us/library/system.web.profile.sqlprofileprovider.aspx

Menu link security trimming

I am having a problem with security trimming of menu links provided by the sitemap. If I set securityTrimmingEnabled="false", my menu works but there's no security trimming. If I set securityTrimmingEnabled="true", my menu just disappears. How can I fix this?
In web.config, I have:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true" >
<providers>
<clear />
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
In Site.master, I have:
<div class="clear hideSkiplink">
<asp:Menu ID="Menu1" runat="server" CssClass="menu" DataSourceID="SiteMapDataSource1">
</asp:Menu>
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" />
</div>
In Web.sitemap, I have:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="" title="***">
<siteMapNode url="" title="***">
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
</siteMapNode>
<siteMapNode url="" title="***">
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
</siteMapNode>
</siteMapNode>
</siteMap>
You need to specify roles on your nodes like this (as per this article http://msdn.microsoft.com/en-us/library/ms178428.aspx)
<siteMapNode title="Support" description="Support" url="~/Customers/Support.aspx" roles="Customers" />
All nodes are by default not displayed when securityTrimmingEnabled is enabled unless you are in one of the allowed roles. To allow all roles you can do this roles="*" (as described here http://blogs.msdn.com/b/dannychen/archive/2006/03/16/553005.aspx)

SiteMap based on user roles doesn't work

I have sitemap which looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/default.aspx" title="Prva stran" roles="*" description="Shema ISEF">
<siteMapNode roles="2" title="Analize" id="Analize" description="" >
<siteMapNode url="~/karneki1.aspx" title="Karneki1" description="" />
<siteMapNode url="~/karneki2.aspx" title="Karneki2" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
If I set roles in a siteMapNode with title "Analiza" it works fine, the link is not shown in the navigation... but if I set roles on any of "karneki" siteMapNode the links are still visible...
Is it even possible to restrict access to lower links based on user role?
Use the SiteMap 'securityTrimmingEnabled' attribute:
http://msdn.microsoft.com/en-us/library/ms178428.aspx
The securityTrimmingEnabled attribute also needs to be added to the nodes in the markup:
http://weblogs.asp.net/jgalloway/archive/2008/01/26/asp-net-menu-and-sitemap-security-trimming-plus-a-trick-for-when-your-menu-and-security-don-t-match-up.aspx
An overview of how securityTrimmingEnabled is supposed to work:
http://blogs.msdn.com/b/dannychen/archive/2006/03/16/553005.aspx
The solution to this is that you need to set the roles in a Web.config for the pages themselves.
See http://weblogs.asp.net/jgalloway/archive/2008/01/26/asp-net-menu-and-sitemap-security-trimming-plus-a-trick-for-when-your-menu-and-security-don-t-match-up.aspx
E.g. in the folder for a page called AdminOnly.aspx add a Web.Config with the following:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="AdminOnly.aspx">
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
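An added example, not part of the original answers: a Python audit that cross-checks the two files discussed above and lists pages that the sitemap hides by role but that no `<location>` `<deny>` rule protects, i.e. pages restricted in the menu only. The sample XML is constructed from the snippets in this thread; the function names are hypothetical, and the check assumes a single Web.config whose `<location>` paths are relative to the site root.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/AspNet/SiteMap-File-1.0}"

# Constructed sample inputs, modelled on the snippets in this thread.
SITEMAP = """<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
  <siteMapNode url="~/default.aspx" title="Home" roles="*">
    <siteMapNode title="Analize" roles="2">
      <siteMapNode url="~/karneki1.aspx" title="Karneki1" />
      <siteMapNode url="~/AdminOnly.aspx" title="Admin" roles="Administrator" />
    </siteMapNode>
  </siteMapNode>
</siteMap>"""

WEB_CONFIG = """<configuration>
  <location path="AdminOnly.aspx">
    <system.web><authorization>
      <allow roles="Administrator"/><deny users="*"/>
    </authorization></system.web>
  </location>
</configuration>"""

def denied_paths(web_config_xml):
    """Lower-cased <location> paths that carry at least one <deny> rule."""
    root = ET.fromstring(web_config_xml)
    return {loc.get("path", "").strip("/").lower()
            for loc in root.iter("location")
            if next(loc.iter("deny"), None) is not None}

def menu_only_restrictions(sitemap_xml, web_config_xml):
    """URLs the sitemap restricts by role but no <deny> rule covers."""
    denied = denied_paths(web_config_xml)
    findings = []

    def walk(node, restricted):
        roles = [r for r in re.split(r"[,;\s]+", node.get("roles", "")) if r]
        # A node is menu-restricted if it or an ancestor names specific roles.
        restricted = restricted or (bool(roles) and "*" not in roles)
        url = node.get("url", "")
        if restricted and url.startswith("~/"):
            page = url[2:].lower()
            if not any(p in ("", ".") or page == p or page.startswith(p + "/")
                       for p in denied):
                findings.append(url)
        for child in node.findall(NS + "siteMapNode"):
            walk(child, restricted)

    for top in ET.fromstring(sitemap_xml).findall(NS + "siteMapNode"):
        walk(top, False)
    return findings
```

With the sample data, `~/karneki1.aspx` is reported: it sits under the `roles="2"` node in the menu, but nothing in Web.config denies a direct request for it.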
Try to add the roles to the site map like this:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/default.aspx" roles="*" title="Prva stran" description="Shema ISEF">
<siteMapNode roles="2" title="Analize" id="Analize" description="" >
<siteMapNode roles="*" url="~/karneki1.aspx" title="Karneki1" description="" />
<siteMapNode roles="*" url="~/karneki2.aspx" title="Karneki2" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
