Dynamically Modify Role Permissions And Also Generate The Appropriate Sitemap / Menus?
Jun 28, 2010
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
Here is my problem:
I have a public website (i.e. on the internet) that will allow any user to sign up to. The website will be developed using ASP.net webforms. These users may create other users and assign these users different roles.
Different roles have different restrictions and the menu is displayed appropriately. For example, a user acting as an administrator can see all menu options. Whereas a limited user will only see some of these menu items.
There needs to be the ability for users on our end to modify what pages certain roles can access. For example, if Role1 can do task X, we would like to be able at some point modify Role1 to no longer do task X. This would be done using an application built in-house.
User types (roles) are to be saved in the database. User permissions (what pages each type can have access to) are also to be saved saved in the database.
Here is something I am thinking of doing:
Implement the authorization and authentication set up built in to ASP.net using the web.config fileUse Sitemaps to dynamically create menus/breadcrumbs from the database
I believe it is possible to do the second one using custom providers (please correct me if I'm wrong). But I am not entirely sure if it's possible to configure the web.config file dynamically.
I suppose this is really more of a yes/no answer but I would just like to make sure I'm not going in the wrong direction. I will be using VS2008 and .net 3.5 framework.
in one of my page i need to display the menus & sub menus dynamically,for this i have a menu table called colleges & one more table called branchs 1] ABC Science ArtsCommarce2] EFG mathszoology historylike thissome times the menus are 3some times they may be 4,5,6 may randommy incresesfor this i have the two table one is menu & sub-menus
Is there a way to have 2 different menus that have their items populate from 2 separate sitemap datasources?
Currently I have one menu that is populating correctly from one sitemap. I would like to remove some items from this menu and have them in another menu positioned somewhere else on my page. How can I make this second menu populate these items from a seperate datasource?
How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?
I have a menu in my application (created from the sitemap) which I want available to two user roles. However, there are items on that menu, I want available only to one role or the other. So I have created the following in my sitemap.
[Code]....
Essentially, I want employees with the "TimeUser" role to see the "My Profile" link that goes to the EmpProfile.aspx page, but not the link to the client profile page. However, when an employee logs in, they see both. I am guessing this may be because the "My Account" node which contains them allows both roles. Is there a way around this without duplicating the "My Account" node?
I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.
Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?
I have role assignments on both the first and second level of my menus within my sitemap file. The first level works fine, and I only see items assigned to my role. But roles assignments seem to have no effect on the second level. It seems like if you have access to the first level, you have access to everything on the second level. Is this correct?
From my sitemap (either a SalesRep or an Administrator can see everything underneath): <siteMapNode title="Administration" roles="SalesRep,Administrator" description="Admin" > <siteMapNode title="CompanyMaintenance" roles="SalesRep" url="~/Admin/CompanyManagement.aspx" /> <siteMapNode title="Initialize Roles" roles="Administrator" url="~/Admin/Roles.aspx"/> </siteMapNode>
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
[Code]....
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
home/page1 gallery/image1 info/IT/contact home/page2 home/page3 gallery/image2 info/IT/map and so on.
I would like to arrange the above urls into a tree fashion as shown below (each item will be a url link). The final output would be a simple HTML List (plus any sub list(s))
thus:
home gallery info page1 image1 IT page2 image2 contact page3 map
Programming Language is C# , platform is asp.net
EDIT 1:
In the above example, we end up with Three Lists because in our example there is three main 'groups' eg: home, gallery, info.
I would like to generate a dynamic sitemap to my website.It should be updated daily. Depends up on database user i have to generate.I am in initial stage of my website development.What are the things i have to take care. And how to develop a sitemap according to my requirement. I am using TeamSys 2008
Im creating a web application in asp.net visual studio 2008.. in my application, i have manually created a menu control.. since, the menus changes by needs, i wish to load it dynamically from sql table..simple application which loads a menu control dynamically and i can develop mine using those concepts.
I have a menus in master page.I took treeview to display the menus.But i want to make visible and invisible of some main menus according to my requirement . when i login into the page form.aspx menus will appear. But when i click the submit button then those menus will disappear and some more new menus will appear.
I'm thinking there has to be an efficient and OO way to do this.
I have several textboxes on a data entry page. When I need to make a new entry, I have to clear the text field before making new entries and this has to be done for quite a number of textboxes and across several pages.
Is there a way to use the FindControl method to locate all textboxes on a page and clear their textfields probably using a loop of some sorts?
On our site, we have our sitemap in this order:SiteName > SelectedProject > Path > To > PageWhere SiteName takes you to the very root page which is primarily to select a project and SelectedProject takes you to the project's homepage.Currently, in the Web.sitemap file, SelectedProject has a static name. How can I rename it to the name of the selected project, which can be obtained from Session("PRJ")?
