art one of this series
introduced the first seven common site map navigation problems and their solutions. This part explores more advanced techniques with the final two problems:
- Hiding unauthorized pages.
- Including database-driven content in site map data.
The solution to the first problem requires a brief review of ASP.NET 2.0 authorization and page level security, while solving the second problem involves extending the Site Map Provider model and caching dynamic content using ASP.NET 2.0's new SqlCacheDependency class.
#8: Hiding Unauthorized Pages
In ASP.NET 1.1, hiding unauthorized pages involved setting the visibility of LinkButton controls or preventing/enabling the execution of sections of code manually, using a call to User.IsInRole()
. In contrast, ASP.NET 2.0 provides a configurable, extensible, no-code approach. Setting it up involves three steps:
- Configure the SiteMapProvider to use security trimmings.
- Configure the RoleProvider to retrieve roles.
- Configure page- or directory-level authorization rules.
I'll explain each step in the following sections.
Step 1: Enable security trimmings
|Site-map files with more than 150 nodes can take substantially longer to perform security-trimming operations.|
Enabling security trimmings
forces the .NET Framework to limit siteMapNodes
exposed by the SiteMapDataSource based on authorization information. Configure the SiteMapProvider to use security trimmings by adding a securityTrimmingEnabled="true"
attribute to the XmlSiteMapProvider in the application's web.config
file as shown below:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
description="Default SiteMap provider"
It's worth noting Microsoft's warning that "Site-map files with more than 150 nodes can take substantially longer to perform security-trimming operations." Microsoft recommends using the roles
attribute (described at the end of this solution) to help mitigate this potential performance problem.