Enable sitemap security trimming in ASP.NET 2.0

Want to enable security trimming for your ASP.NET sitemap? Here's how...

First of all, you need a new section in your web.config system.web element:

[code:xml]

<system.web>
  <!-- ... other system.web configuration stuff ... -->
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <add name="XmlSiteMapProvider"
        description="Default SiteMap provider."
        type="System.Web.XmlSiteMapProvider "
        siteMapFile="Web.sitemap"
        securityTrimmingEnabled="true" />
    </providers>
  </siteMap>
</system.web>

[/code]

Next, you should specify which pages are visible to who:

[code:xml]

<location path="ForgotPassword.aspx">
  <system.web>
    <authorization>
      <allow users="?"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="ModifyPassword.aspx">
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

[/code]

In this example, the page ForgotPassword.aspx is visible to anonymous users, while authenticated users do not need this page (as they already knew their password while logging in...). ModifyPassword.aspx is only visible to authenticated users, as anonymous users can't do that.

This is an imported post. It was imported from my old blog using an automated tool and may contain formatting errors and/or broken images.

Leave a Comment