安全修剪站点地图时如何影响单个子节点?
我有一个 ASP.Net 站点,在其中我尝试使用 Windows 身份验证和 Active Directory 角色来限制对某些页面的访问。我看过 来自 Scott Gu 的教程页面,但我无法完全实现我想要的。
我忽略了 SiteMapDataSource 中的根节点。我想向所有用户显示“文档”节点,但将“搜索”和“上传”角色的显示限制为 2 个不同的角色。我在“DOMAIN\validrole”中,但不在“DOMAIN\madeuprole”中。通过下面的站点地图和 web.config,我可以显示所有节点。如果我从“文档”节点中删除 roles="*" (按照 Scott Gu 的建议),则不会显示任何节点。
有没有一种方法可以限制单个子节点的显示,而无需编写自定义代码?
这是我的站点地图:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
<siteMapNode url="~/Default.aspx"
title="Home">
<siteMapNode title="Documents" roles="*">
<siteMapNode url="~/Documents/Search.aspx"
title="Search Documents"
roles="DOMAIN\validrole" />
<siteMapNode url="~/Documents/Upload.aspx"
title="Upload Documents"
roles="DOMAIN\madeuprole" />
<siteMapNode url="~/Documents/Publish.aspx"
title="Publish Documents" />
</siteMapNode>
<siteMapNode title="Users" roles="*">
<siteMapNode url="~/Users/Search.aspx"
title="Search Users"
roles="DOMAIN\validrole" />
</siteMapNode>
</siteMapNode>
</siteMap>
这是我的 web.config 的相关部分:
<authentication mode="Windows"/>
<authorization>
<allow roles="DOMAIN\validrole"/>
<deny users="*"/>
</authorization>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
I have a ASP.Net site, in which I'm trying to use Windows Authentication and Active Directory roles to limit access to some pages. I've looked at a tutorial page from Scott Gu, but I can't quite achieve what I want.
I'm ignoring the root node in my SiteMapDataSource. I want to show the "Documents" node to all users, but limit the display of the "Search" and "Upload" roles to 2 different roles. I am in the "DOMAIN\validrole" but not in the "DOMAIN\madeuprole". With the sitemap and web.config below, I am getting all the nodes displayed. If I remove the roles="*" from the "Documents" node (as suggested by Scott Gu), I get no nodes displayed.
Is there a way I can limit the display of individual child nodes without having to write custom code?
This is my sitemap:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
<siteMapNode url="~/Default.aspx"
title="Home">
<siteMapNode title="Documents" roles="*">
<siteMapNode url="~/Documents/Search.aspx"
title="Search Documents"
roles="DOMAIN\validrole" />
<siteMapNode url="~/Documents/Upload.aspx"
title="Upload Documents"
roles="DOMAIN\madeuprole" />
<siteMapNode url="~/Documents/Publish.aspx"
title="Publish Documents" />
</siteMapNode>
<siteMapNode title="Users" roles="*">
<siteMapNode url="~/Users/Search.aspx"
title="Search Users"
roles="DOMAIN\validrole" />
</siteMapNode>
</siteMapNode>
</siteMap>
And this is the relevant section of my web.config:
<authentication mode="Windows"/>
<authorization>
<allow roles="DOMAIN\validrole"/>
<deny users="*"/>
</authorization>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider"
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
已排序 - 您需要在 Web.config 文件中设置对页面的授权,如下所示:
我已使用路径
"~/Documents/Upload.aspx"尝试过此操作,但这不起作用- 它必须是相对于配置文件的路径。另外,我必须在站点地图节点中放置一个 URL,如下所示:
这阻止了所有内容消失,尽管我不知道为什么。我没有显示 URL,因此任何虚构的 URL 都可以实现这一目的。
Sorted - you need to set up authorization to the page in the Web.config file like this:
I had tried this with the path
"~/Documents/Upload.aspx", but that didn't work - it needs to be a path relative to the config file.Also, I had to put a URL in my sitemap nodes, like this:
This stopped everything disappearing, although I have no idea why. I'm not displaying the URL so any made-up one does the trick.