I am having a problem with security trimming of menu links provided by the sitemap. If I set securityTrimmingEnabled="false"
, my menu works but there's no security trimming. If I set securityTrimmingEnabled="true"
, my menu just disappears. How can I fix this?
In web.config
, I have:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true" >
<providers>
<clear />
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
In Site.master
, I have:
<div class="clear hideSkiplink">
<asp:Menu ID="Menu1" runat="server" CssClass="menu" DataSourceID="SiteMapDataSource1">
</asp:Menu>
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" />
</div>
In Web.sitemap
, I have:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="" title="***">
<siteMapNode url="" title="***">
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
<siteMapNode url="~/***.aspx" title="***" />
</siteMapNode>
<siteMapNode url="" title="***">
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
<siteMapNode url="~/Account/***.aspx" title="***" />
</siteMapNode>
</siteMapNode>
</siteMap>
You need to specify roles on your nodes like this (as per this article http://msdn.microsoft.com/en-us/library/ms178428.aspx)
All nodes are by default not displayed when securityTrimmingEnabled is enabled unless you are in one of the allowed roles. To allow all roles you can do this roles="*" (as described here http://blogs.msdn.com/b/dannychen/archive/2006/03/16/553005.aspx)