How does XmlSiteMapProvider validate a user for a given role?

Question

How does XmlSiteMapProvider validate a user for a given role?

I am migrating my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider.

I want to override the logic for checking the user for the role specified in the siteMapNode property roles:

<siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" />

How can i do this? Which member of the class makes an XmlSiteMapProvider call to verify what if securityTrimmingEnabled="true"?

+3

asp.net sitemapprovider

abatishchev May 22, '10 at 13:58

source share

3 answers

public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     var roles = node.Roles; // here it is!
     return base.IsAccessibleToUser(context, node);
}

+1

abatishchev May 22, '10 at 14:09

source share

, - , web.config

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <clear/>
      <add name="XmlSiteMapProvider"
           description="Default Sitemap Provider"
           type="System.Web.XmlSiteMapProvider"
           siteMapFile="Web.sitemap"
           securityTrimmingEnabled="true"/>
    </providers>
  </siteMap>

role = "something"

0

daniel 25 . '13 17:21

Sky sanders · Accepted Answer · 2010-05-22T15:05:29+0000

abatishchev is close but does not give a clear indication. The call base will apply asp.net access control rules by default. If you have custom rules, just make a decision and return the bool.

public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     // use the properties of the context and node to determine accessibility.

     // only call base if you do not want to apply your custom rules
     // return base.IsAccessibleToUser(context, node);
}

How does XmlSiteMapProvider validate a user for a given role?

More articles: