Posted on Saturday, August 2, 2008 at 10:56 PM.
One of the basic requirements for websites is to restrict access to certain pages. This is easily done using the new security API and Role Management features provided in ASP.NET 2.0.

But it's really annoying from the user's point of view to click a link in a Menu or TreeView control and only then discover that they don't have sufficient privileges to access that page. This problem can be easily solved using security trimming. Once you enable security trimming for your site map, users are shown only the items they have access to.

So follow the step-by-step procedure given below to upgrade your website.

Step 1 : Define Access Rules for your website.

To define folder-level access rules, open the ASP.NET configuration tool and click the Security tab. Then, under the "Access Rules" section, click Add Access Rule to start defining access rules for your website.




NOTE: Rules are applied top to bottom, i.e. the first rule is checked first, then the second, and so on. For example, in the picture, if someone wants to access pages in the Administrator folder, .NET first checks whether this user belongs to the Administrator role. If the user belongs to the Administrator role, access is granted; otherwise the second rule is checked, which blocks all users. So users who are in the Administrator role will be able to access the pages.

To define page-level access rules you will have to edit web.config manually.
Add the following section to web.config, inside the configuration section.


Step 2: Enable Security Trimming for Site map.

Security trimming can be enabled by overriding the default site map provider defined in machine.config. Add the following code to web.config.



Step 3 : Specify roles in web.sitemap file (optional) 

By default, only the links the user has access to are shown. However, if you want to explicitly show a node to a user, this can also be done by specifying the roles attribute in web.sitemap. This option can also be used to overcome the problem of a parent node that doesn't have any URL associated with it.

Define roles in web.sitemap 
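
The three steps above combined into one configuration, as an added example that is not the original post's code. The provider name TrimmedSiteMapProvider, the Reports.aspx page and the node titles are assumed for illustration; the Administrator folder and role follow the note in Step 1.

```xml
<!-- web.config (added example; provider, page and node names are assumed) -->
<configuration>
  <system.web>
    <!-- Step 2: use a site map provider with security trimming switched on -->
    <siteMap defaultProvider="TrimmedSiteMapProvider" enabled="true">
      <providers>
        <add name="TrimmedSiteMapProvider"
             type="System.Web.XmlSiteMapProvider"
             siteMapFile="Web.sitemap"
             securityTrimmingEnabled="true" />
      </providers>
    </siteMap>
  </system.web>

  <!-- Step 1, folder level: rules are checked top to bottom, first match wins -->
  <location path="Administrator">
    <system.web>
      <authorization>
        <allow roles="Administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Step 1, page level: "?" means anonymous users -->
  <location path="Reports.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>

<!-- Web.sitemap -->
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
  <!-- roles="*" keeps the root node visible to every user -->
  <siteMapNode title="Home" url="~/Default.aspx" roles="*">
    <!-- Step 3: a parent node with no URL is only shown to the roles listed -->
    <siteMapNode title="Administration" roles="Administrator">
      <siteMapNode title="Manage Users" url="~/Administrator/Users.aspx" />
    </siteMapNode>
    <siteMapNode title="Reports" url="~/Reports.aspx" />
  </siteMapNode>
</siteMap>
```

The roles attribute only widens which nodes are displayed; whether a request for the page itself succeeds is still decided by the authorization rules in web.config.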

 

Example

Before enabling security trimming, all links are shown to all users.



After enabling security trimming, only the links the user can access are shown.

Menu Structure for anonymous user

Menu Structure for Administrator
