'How to implement security trimming with a website with multiple folders and multiple web.config files?
I have a website that has highly granulised access and hence requires many web.config files. The problem is I would like to trim the menu so that only certain users will have access to certain folders. I have enabled trimming and setup roles in the sitemap, however when I access the page the menu is not show, as I am authorized to view the default page which is not in a subfolder. When I type the url of a page in sub folder's I have access.
How should I handle this:
- A site map for each web.config file - don't know how this will work
- Removing the sub web.config file to only use a single one
Solution 1:[1]
you can use MembershipUser, RoleManager classes and regsql.exe tool to generate your database of security.
Or create specific library of security with IPrincipal and IIdentity.
Solution 2:[2]
Answered my question found solutions here: ASP Forums
All that needed to be done was to make sure the top node in the sitemap had a url.
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode **url="~/"** title="Home" description="">
<siteMapNode title="Home" url="~/Default.aspx"/>
<siteMapNode title="About" url="~/About/About.aspx" />
<siteMapNode title="Lists" url="~/Lists/Lists.aspx" />
</siteMapNode>
</siteMap>
Note this line:
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Aghilas Yakoub |
| Solution 2 | TylerH |