newbie: /app_data

[Jeff]

hey

asp.net 2.0

I've read that it's a good idea to place the .sitemap files in the /app_data
folder in asp.net 2.0 projects. So that is what I'm trying to do....

I've placed my LoggedIn.sitemap in the /app_data folder and configured the
defaultProvider for this menu:
<siteMap defaultProvider="LoggedIn">
<providers>
<add
name="LoggedIn"
type="System.Web.XmlSiteMapProvider"
siteMapFile="/app_data/LoggedIn.sitemap"/>
</providers>
</siteMap>

This menu's SiteMapProvider property is set to "LoggedIn" (with the "")

My problem is that the menu don't show up on the form... I've been testing
my menu having the LoggedIn.sitemap file placed in the root of the folder,
then it works. But I want to have it in /app_data for maximum security. I
guess the reason this failes is that the Provider can't find the
LoggedIn.sitemap file (strange I don't get an error message). So I've been
trying different ways of specifying the path to LoggedIn.sitemap in
web.config:
siteMapFile="LoggedIn.sitemap"/>
siteMapFile="/data/LoggedIn.sitemap"/>
siteMapFile="~/LoggedIn.sitemap"/>
siteMapFile="~/app_data/LoggedIn.sitemap"/>
Without any luck!

Please, what shall I do to solve this problem!

Jeff

 

[Guest]

Jeff,
You are concerned about security when the sitemap file provides the same
information that any user can already see in the menu? Or is this because
this file is only for logged in users and you don't want "casual visitors"
to see it?

Files with the .sitemap extension don't get served anyway, at least last
time I looked. If they did, you could map them to the prohibited handler.

You could consider Jeff Prosise's SqlSiteMap provider (in MSDN Magazine)
That way it can only come out of a database.
Peter