Hi,

 I'm doing a webpage that uses user autorization, some of the users can navigate all the site, while some users only can see a reduced part.. To navigate from one page to another, I use a menu in the masterpage.. And when the user login and enter the first page, in the load event I search what can do the user and I would like to enable or disable the menu options wich can the loged user can use.

 How can I enable or disable some of the menu options of the masterpage from a content page?

Thanks!!

I would imagine you are using an XML Datasource to pass the XMLFile to your asp.net menu control?

If that is the case what the easiest way to do this is to actually set the XMLFile in your master page on page_load. This makes it so you can have multiple XML Files all with different menu items that you can pass on to your users page. For example

protected void Page_Load(object s,EventArgs e)
{
     if(userRole == "admin")
         XmlDataSource1.DataFile = "admin.xml";
     else
         XmlDataSource1.DataFile = "user.xml";
}

you need to remplace the if statement with your own user roles however this will ge the correct file. Also the DataFile needs to be its virtual path within your solution.

Hope this help, also remeber that removing things from the menu will not stop someone from just browsing to a hidden page by typing the url into the browser. Thats another topic all together

And.. Can I forbid the access to the don't authenticated users?

Thanks!

Hi,

 yes, use the Web Site Administration Tool, which is build in Visual Web Developer etc.

I think, the tools is include in 2.0, 3.0 and 3.5.

 Then using the Web Site Administration Tool is it possible to create access rules to folders, an even changing providers etc.

 If you have a menu, where some of links should be displayed for an unauthenticated user or a user, who do not have access on the page use the securityTrimming method.

Best regards

Mikael, Denmark

We came up with the same process of using different XmlFiles (granted we came to so many user's etc that we moved to an sql database) but yes let me put together some code for you below.

XmlStructure

  <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
      <siteMapNode url="/menu/TSRPortal.aspx" title="Dashboard" image="~/Menu/images/icons/dashboard.png" description="Dash Board" />
      <siteMapNode url="/TSRPortal/v4/HoursReview/" title="Personal Hours Review" image="~/Menu/images/icons/hours_icon.png" description="Personal Hours Review" />
      <siteMapNode url="/TSRPortal/v4/PayrollReview/" title="Payroll Review" image="~/Menu/images/icons/payroll_icon.png" description="Payroll Review" />
      <siteMapNode url="/tools/intranet/HRTicket_Tracker.aspx" title="HR Request" image="~/Menu/images/icons/intranet_icon.png" description="HR Request" />
      <siteMapNode url="/tools/intranet/intranet.aspx" title="Intranet" image="~/Menu/images/icons/intranet_icon.png" description="Corp Intranet" />
      <siteMapNode url="/menu/bug/" title="Report A Bug" image="~/Menu/images/icons/bug.png" description="Corp Intranet" />
</siteMap>

Security Check Class

using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Xml;

/// <summary>
/// Summary description for SecurityCheck
/// </summary>
public class SecurityCheck
{    
    private string _role;
    public string role { set { _role = value; } }
    private string _url;
    public string url { set { _url = value; } }

    public void check()
    {
        if (_role == null)
            return;
        XmlDocument doc = new XmlDocument();
        if (_role == "admin")
            doc.Load("admin.xml");
        else if (_role == "user")
            doc.Load("user.xml");
        else
            HttpContext.Current.Response.Redirect("invalidCred.aspx");
        bool authenticate = false;
        foreach (XmlNode node in doc.ChildNodes[1])
        {
            authenticate = CheckChildNodes(node);
            if(authenticate)
                break;
        }
        doc = null;
        if(!authenticate)
            HttpContext.Current.Response.Redirect("invalidCred.aspx");
    }

 
    private bool CheckChildNodes(XmlNode node)
    {
        bool auth = false;
        if (node.HasChildNodes())
        {
            foreach (XmlNode child in node.ChildNodes)
            {
                if (child.HasChildNodes)
                    auth = CheckChildNodes(child);
                if (child.Attributes["url"].ToString().ToLower() == _url)
                    auth = true;
                if (auth)
                    break;
            }
        }
        else
            if (node.Attributes["url"].ToString().ToLower() == _url)
                auth = true;
        return auth;
    }
 

    The above will take your code behind values, load the appropriate url and loop through all the nodes inside that XML File. It will also loop through all child nodes

  Code Behind

protected void Page_Load(object s,EventArgs e)
{
    if(!Page.IsPostBack)
    {
       SecurityCheck objSc = new SecurityCheck();
       objSc.role = "admin"; //user role here
       objSc.url = Request.Path.ToString();
       objSc.check();
    }
}

 all this functionality is standard in the .Net 2.o authorisation model. You can use the <location /> node in your web.config to define folders on your site that allow and/or disallow certain roles. Then, in your .sitemap file (which you can associate with your menu control) you can add a 'roles' attribute to your secure sitemap nodes, having them only appear when the authenticated user has the appropriate role.