Use web.sitemap to control page access

Posted by Jakob Gade on Stack Overflow See other posts from Stack Overflow or by Jakob Gade
Published on 2010-04-01T08:41:28Z Indexed on 2010/04/01 8:43 UTC
Read the original article Hit count: 390

Filed under:

ASP.NET

|

web.config

|

authentication

|

web.sitemap

I was setting up permissions for pages in a ASP.NET website with <location> tags in web.config, something similar to this:

<location path="Users.aspx">
  <system.web>
    <authorization>
      <allow roles="Administrator"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>

However, I also have a web.sitemap which basically contains the same information, i.e. which user roles can see/access which pages. A snippet from my web.sitemap:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
  <siteMapNode title="Home">
    ... lots of nodes here ...
    <siteMapNode url="users.aspx" roles="Administrator" title="users" description="Edit users" />
    ...
  </siteMapNode>
</siteMap>

Is there some kind of nifty way of using web.sitemap only to configure access? The <location> tags are quite verbose, and I don't like having to duplicate this information.

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about web.config

Child web.config can't clear <pages><controls> from parent web.config

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I "clear" the vendor defined <controls> in my child app's web.config? Parent Web Config. <system.web> <pages> <controls>  <add tagPrefix="asp" namespace="VENDOR.Web.UI.Base" assembly="System… >>> More
Configure Forms based authentication in SharePoint 2010

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Configuring form authentication is a straight forward task in SharePoint. Mostly public facing websites built on SharePoint requires form based authentication. Recently, one of the WCM implementation where I was included in the project team required registration system. Any internet user can… >>> More
Allowing creation/modification of virtual aliases using web.config

as seen on Server Fault - Search for 'Server Fault'
Hi, I've been given a problem to fix, and I initially thought of .htaccess files, except for one thing, I quickly realized it's an IIS server. Is it possible to allow a webmaster the ability to modify the virtual directories using web.config files in the same way you can using .htaccess files? … >>> More
SharePoint 2010 - Access denied during ApplyWebConfigModifications()

as seen on Stack Overflow - Search for 'Stack Overflow'
I have SharePoint 2010 installed on a Windows Server 2008 R2 machine which is also hosting SQL Sever 2008 R2. I am attempting to deploy a solution that includes web parts in the 2010 environment that is working fine in MOSS 2007. The Web Part feature has a feature receiver that updates the web.config… >>> More
Error in Encrypting web.config connection string

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi everybody, I am encrypting web.config file. My code is below. Configuration config = WebConfigurationManager.OpenWebConfiguration("~"); ConfigurationSection section = config.GetSection("connectionStrings"); if (!section.SectionInformation.IsProtected) { section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider"); … >>> More