Sitemap security trimming using roles attributes only, and not allow/deny rules elsewhere.

Question

I am aware that the tag has the "roles" attribute to make up for the nodes that don't have the "url" attribute, which can be resolved in other ways. I'm not interested in these other ways, though, I'd like to have all my permissions set in my sitemap file. How to accomplish this?

I'm using custom RoleProvider, custom MembershipProvider, and the default XmlSiteMapProvider. I also have a security IHttpModule to prevent people from getting there using a direct URL. I'm open to different approaches.

Thanks in advance!

Answer 1

In the end I implemented my own security trimming by deriving from XmlSiteMapProvider. It was simple enough.

public override SiteMapNodeCollection GetChildNodes(SiteMapNode node)
{
    return CustomSecurityTrim(base.GetChildNodes(node));
}