Example: a web application Гостиница
, to be accessed by users with two possible roles Приемщик
and admin
.
If the current user has a role admin
, the site map should look like the following:
If the current user has a role Приемщик
, the site map should look like the following:
You want to restrict access to the relevant application forms. To do this, specify the user role that should have access elementz site map, attribute roles
. Have the following site map (contents of the file web.sitemap
):
<siteMapNode title="Hotel" roles="Inspector,admin" xmlns="">
<siteMapNode title="Booking" description="" url="~/forms/Bronirovanie/G_BronirovanieL.aspx" roles="admin"/>
<siteMapNode title="License plate Fund" description="" url="~/forms/KomnataGostinicy/G_KomnataGostinicyL.aspx" roles="Inspector"/>
<siteMapNode title="Kind of animal" description="" url="~/forms/ZHivotnoe/G_ZHivotnoeL.aspx" roles="Inspector"/>
</sitemapNode>
You need to pay attention to the fact that the node maps the top-level site (Гостиница
) lists all the user roles that can have access to this menu (and Приемщик
, and admin
).
To ensure correct display of sub-menu items depending on user role, need to folders of the web application that match the specified in url
forms, add files web.config
.
Folder forms/Bronirovanie
add web.config
follows:
<configuration>
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
Folder forms/KomnataGostinicy
and forms/ZHivotnoe
add web.config
follows:
<configuration>
<system.web>
<authorization>
<allow roles="Inspector"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
In the result sub-menu items will appear depending on what role the current user of the web application.
If windows-authentication users are processed together with the domain. Therefore, you must use providers that take into account domain. To do this in the application’s configuration file must specify the following:
<membership defaultProvider="CaseberryMembershipProvider">
<providers>
<clear />
<add name="CaseberryMembershipProvider" type="CheckingLibrary.Web.CaseberryDomainMembershipProvider" applicationName="SLAuthSample" />
</providers>
</membership>
<roleManager defaultProvider="CaseberryRoleProvider" enabled="true">
<providers>
<clear />
<add name="CaseberryRoleProvider" type="CheckingLibrary.CaseberryDomainRoleProvider" />
</providers>
</roleManager>
In addition there is a to pay attention to the feature of processing the sitemap file with windows authentication. Namely, the processing sitemapNode
, which is url
and roles
.
<siteMapNode title=Roles url="~/flexberry/DvorecList" roles="tsar" />
If you use the standard sitemap provider the vertex is always visible, as in the presence of the attribute url
checks availability of url node for the current user.
To solve this problem in the following ways:
- To use a custom sitemap provider.
- Add an intermediate vertex without a url attribute.
- To configure the settings of file access.