Use web.sitemap to control page access

Question 1

Use web.sitemap to control page access

c# asp.net authentication web-config web.sitemap

Jakob Gade · Apr 1, 2010 · Viewed 8.1k times · Source

Answer

Answer

Probably you're looking for SecurityTrimmingEnabled. See this forum post and blog entry for more details.

So Web.config restricts access from direct URL typing and Web.sitemap - from URLs being displayed

Question 2

I was setting up permissions for pages in a ASP.NET website with <location> tags in web.config, something similar to this:

<location path="Users.aspx">
  <system.web>
    <authorization>
      <allow roles="Administrator"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

However, I also have a web.sitemap which basically contains the same information, i.e. which user roles can see/access which pages. A snippet from my web.sitemap:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
  <siteMapNode title="Home">
    ... lots of nodes here ...
    <siteMapNode url="users.aspx" roles="Administrator" title="users" description="Edit users" />
    ...
  </siteMapNode>
</siteMap>

Is there some kind of nifty way of using web.sitemap only to configure access? The <location> tags are quite verbose, and I don't like having to duplicate this information.

Use web.sitemap to control page access

Answer

Related questions