ASP.NET: Hide Menu Items by Role with Security Trimming

ASP.NET makes authorizations and security fairly simple with its roleManager, Authentication, and SiteMap providers.  This quick hint only covers how to hide a particular menu item from the standard Menu and TreeList navigation components when using a SiteMap provider.

Web.config Settings for Role-based Menu Security

1) When you declare your sitemap provider, turn sucrityTrimmingEnabled to true:

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider " siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>

2) After you’ve turned securityTrimmingEnabled on, then you can tell ASP what “locations” or url node to hide…again, in your web.config file, after you close out </system.web>:

<location path="~/MgrReports">



<allow roles="managers"/>

<deny users="*"/>




You can set which roles get access in the <allow roles> node…use commas to separate multiple roles.

I searched long and hard for this, and finally found a great post by Danny Chen.  Read his post for a much fuller explanation:



One Response to ASP.NET: Hide Menu Items by Role with Security Trimming

  1. Flavia June 10, 2011 at 10:09 am #

    Thank you. Simple and worked perfectly.

Powered by WordPress. Designed by Woo Themes