Can someone explain to me why this does not work?




I have a problem with sitemap combined with role. I posted in the
professional group, but I reformulated it here and made things simpler. I
tried a lot of things, read a lot of stuff, but it's still unsolved.

There are two defined users: user1 and user2.
There is one role: manager.
user1 belongs to the role manager; user2 does not.

There are three pages (page1.aspx, page2.aspx and page3.aspx).
page1.aspx is reserved for the role manager (user1).
page2.aspx and page3.aspx are for all users.

The sitemap is:
<siteMapNode url="page1.aspx" title="pg1" roles="manager" >
<siteMapNode url="page2.aspx" title="pg2" roles="*" >
<siteMapNode url="page3.aspx" title="pg3" roles="*" >

I read this somewhere on the internet:
"If the current user is in a role specified in the node's Roles property, or
if Roles is "*", the node is returned. "
"If the current user is not in a role specified in the node's Roles
property, then a URL authorization check is performed to determine whether
the user has access to the node's URL. If the answer is yes, the node is
returned. "

So I put a URL authorization in the web.config:

<configuration xmlns="">

<roleManager enabled="true" />

<location path="page1.aspx">
<deny users="*" />


<compilation debug="false" strict="false" explicit="true" />
<clear />
<add namespace="System" />

<authentication mode="Forms" />

<siteMap defaultProvider="AspXmlSiteMapProvider" enabled="true">
<add name="AspXmlSiteMapProvider"
type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>

When logging in as user1, I see the three pages (that's OK).
When logging in as user2, I see nothing.

Because user2 is not in the role for page1, the URL authorization takes
place and page1 is hidden, but why the two others? There is roles="*"
on each line in web.sitemap.

Later, I added this to web.config for testing, but it gives exactly the
same result: user1 sees all 3 pages, user2 nothing!

<location path="page2.aspx">
<allow users="*" />

Thanks for any explanation.




I thought this would be a challenge for some 'expert' guys ..
But I finally found it ...
page1 is the parent of the others, so the others are also hidden.
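
Added example (not part of the original posts, and not ASP.NET's own code): a small Python model of the security trimming behaviour described in this thread, run over a constructed nested sitemap and a constructed flat one. The root node default.aspx, the function names and the simplified URL authorization set are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sitemaps. NESTED models the layout the follow-up describes
# (page1 is the parent of page2 and page3); FLAT makes the pages siblings
# under a hypothetical root node, default.aspx, that everyone may see.
NESTED = """
<siteMapNode url="page1.aspx" title="pg1" roles="manager">
  <siteMapNode url="page2.aspx" title="pg2" roles="*" />
  <siteMapNode url="page3.aspx" title="pg3" roles="*" />
</siteMapNode>"""

FLAT = """
<siteMapNode url="default.aspx" title="home" roles="*">
  <siteMapNode url="page1.aspx" title="pg1" roles="manager" />
  <siteMapNode url="page2.aspx" title="pg2" roles="*" />
  <siteMapNode url="page3.aspx" title="pg3" roles="*" />
</siteMapNode>"""

# Simplified URL authorization (assumption): URLs denied to everybody, as in
# the <location path="page1.aspx"> <deny users="*" /> rule from the post.
URL_DENIED = {"page1.aspx"}


def accessible(node, user_roles):
    """Roles check first; URL authorization only as the fallback."""
    raw = node.get("roles", "").replace(";", ",")
    roles = [r.strip() for r in raw.split(",") if r.strip()]
    if "*" in roles or any(r in user_roles for r in roles):
        return True
    return node.get("url") not in URL_DENIED


def visible_urls(sitemap_xml, user_roles):
    """Walk the tree top-down; a trimmed node takes its whole subtree with it."""
    shown = []

    def walk(node):
        if not accessible(node, user_roles):
            return  # children are never reached, whatever their roles say
        shown.append(node.get("url"))
        for child in node:
            walk(child)

    walk(ET.fromstring(sitemap_xml.strip()))
    return shown
```

With the nested layout, a user without the manager role gets an empty list, which matches what user2 saw; with the flat layout only page1.aspx is trimmed for that user.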

