Category Archives: Authorization

[RESOLVED] Removing a sitemapnode

I am developing an ASP.NET web page with C#.  I have a sitemap document but I want to hide certain nodes based on the user's credentials.  However, I am having problems with my code removing the actual node.  Visual Studio runs the program with no errors.  However, the node is still there.  Below is the code I have developed for this.  The node changes text to "it worked" as I hope written.  However, it will not remove itself.  I can get the item to be disabled, change enablement, but I need to hide it completely from the viewers view - not the document.  Could someone help me with this?

protected void Menu1_MenuItemDataBound(object sender, MenuEventArgs e)
    {


        foreach(char f in e.Item.Text)
        {
            if (e.Item.Text == "Student Verification")
            {
                try
                {
                    myMenuItem = e.Item;
                    myMenuItem.Text = "It Worked";
                    Menu1.Items.Remove(myMenuItem);
                }
                catch (Exception ex)
                {
                    string exstring = Convert.ToString(ex);
                }
            }


        }
    }


 

Here is the code that worked for me


<div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste">                        if (e.Item.Parent != null)</div> <div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste">                        {</div> <div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste">                            e.Item.Parent.ChildItems.Remove(e.Item);</div> <div style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;" id="_mcePaste">                        }</div> <div></div>

if (e.Item.Parent != null)
{
      e.Item.Parent.ChildItems.Remove(e.Item);
}


I used this in a scenario where I check whether the sitemapnode has an attribute "visible".
If so, and its value = "false", then I would remove the node. 

Another way to do this is on the Page_Load event where the menu resides (master page load event if it is on a master page).  Check to see if the user IsAuthenticated and then based on that conditional statement set the provider of the sitemapdatasource to a different provider in the web.config which points to a sitemap file for authenticated, as well as anonymous.  It's a cleaner way then coding to remove items.  Just my opinion.

Another solution, code free, is to use authorization, where you define who can view individual pages; you can do this per user, or preferably, per role. If you then enable SecurityTrimming on the site map provider, the nodes that a user isn't authorised for will be automatically removed from the site map before display.

See the QuickStarts at http://quickstarts.asp.net/QuickStartv20/aspnet/doc/navigation/default.aspx for more.


it works! Here is my code now.

 

protected void Menu1_MenuItemDataBound(object sender, MenuEventArgs e)
    {
        {
            foreach (char f in e.Item.Text)
            {
                if (e.Item.Text == "Student Verification")
                {
                    try
                    {
                        myMenuItem = e.Item;
                        myMenuItem.Text = "It Worked";
                        //Menu1.Items.Remove(myMenuItem);
                        if (e.Item.Parent != null)
                        {
                            e.Item.Parent.ChildItems.Remove(e.Item);
                        }


                    }
                    catch (Exception ex)
                    {
                        string exstring = Convert.ToString(ex);
                    }
                }


            }
       }
}


 

[RESOLVED] For some reason using forms authentication turns off my images on my login page. What do I do

I am using forms authentication, and for some reason it shuts off my images.  I have tried putting them in the same directoy, and still nothing.

If I turn off forms authentication, they come back alive so I know my urls are correct.

Any hlep would be very much appreciated!

Yes i know this issue. Probably the images do appear when the user is logged in?. And they don't appear when the user is not in session?
Check your security settings to see if everybody also anonymous users are able to access your image directory.

f.i. i have my logon page directly beneath my project(no folders) and then all other pages are in the folder web and subfolder.
the web foleder can only be accessded by users which are logged in. I had the same with my images folder, so all users entering my logon page didn't see images. So i change the images folders to allow access for all users.

 

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</configuration>

Thanks for the quick reply as well as assistance.  I'll give some time for some more posts and then check the Mark as Answer for you.

Thanks again!