RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Nine ASP.NET Site Navigation Problem Solutions: Part 2

Discover how to grant or deny users access to pages in your sites, and how to create dynamic site maps using database-driven data.

art one of this series introduced the first seven common site map navigation problems and their solutions. This part explores more advanced techniques with the final two problems:

  • Hiding unauthorized pages.
  • Including database-driven content in site map data.
The solution to the first problem requires a brief review of ASP.NET 2.0 authorization and page level security, while solving the second problem involves extending the Site Map Provider model and caching dynamic content using ASP.NET 2.0's new SqlCacheDependency class.

#8: Hiding Unauthorized Pages
In ASP.NET 1.1, hiding unauthorized pages involved setting the visibility of LinkButton controls or preventing/enabling the execution of sections of code manually, using a call to User.IsInRole(). In contrast, ASP.NET 2.0 provides a configurable, extensible, no-code approach. Setting it up involves three steps:

  1. Configure the SiteMapProvider to use security trimmings.
  2. Configure the RoleProvider to retrieve roles.
  3. Configure page- or directory-level authorization rules.
I'll explain each step in the following sections.

Step 1: Enable security trimmings
Site-map files with more than 150 nodes can take substantially longer to perform security-trimming operations.
Enabling security trimmings forces the .NET Framework to limit siteMapNodes exposed by the SiteMapDataSource based on authorization information. Configure the SiteMapProvider to use security trimmings by adding a securityTrimmingEnabled="true" attribute to the XmlSiteMapProvider in the application's web.config file as shown below:

   <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
       <add name="XmlSiteMapProvider"
         description="Default SiteMap provider"
         securityTrimmingEnabled="true" />

It's worth noting Microsoft's warning that "Site-map files with more than 150 nodes can take substantially longer to perform security-trimming operations." Microsoft recommends using the roles attribute (described at the end of this solution) to help mitigate this potential performance problem.

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date