ASP.NET: Hide Menu Items by Role with Security Trimming

ASP.NET makes authorizations and security fairly simple with its roleManager, Authentication, and SiteMap providers.  This quick hint only covers how to hide a particular menu item from the standard Menu and TreeList navigation components when using a SiteMap provider.

Web.config Settings for Role-based Menu Security

1) When you declare your sitemap provider, turn sucrityTrimmingEnabled to true:

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
    <add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider " siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>

2) After you’ve turned securityTrimmingEnabled on, then you can tell ASP what “locations” or url node to hide…again, in your web.config file, after you close out </system.web>:


<location path="~/MgrReports">

<system.web>

<authorization>

<allow roles="managers"/>

<deny users="*"/>

</authorization>

</system.web>

</location>

You can set which roles get access in the <allow roles> node…use commas to separate multiple roles.

I searched long and hard for this, and finally found a great post by Danny Chen.  Read his post for a much fuller explanation:  http://blogs.msdn.com/dannychen/archive/2006/03/16/553005.aspx

Cheers,

Byron

One Response to ASP.NET: Hide Menu Items by Role with Security Trimming

  1. Flavia June 10, 2011 at 10:09 am #

    Thank you. Simple and worked perfectly.

Powered by WordPress. Designed by Woo Themes