We need to replace the menu system in our main ASP.NET application. So naturally we're looking at the ASP.NET SiteMapProvider and Menu controls. However, we also need enough security to prevent users from directly entering URLs that they shouldn't have access to. We can do this by putting entries in web.config and securing them individually, but that's going to be a PITA to manage across multiple web servers.

Is there a Provider that can be used to, well, provide the equivalent of the entries? I haven't been able to find one, and it's slightly frustrating given the existence of the ConfigurationLocation class.

Alternatively, is there a configuration option we're missing in SiteMapProvider that will restrict users from getting to URLs they shouldn't?


+1  A: 

Why don't you create rights & profiles to manage which pages a user can see? I usually create a user class which implements the IPrincipal security interface. On every request to your application, you check the rights of a particular user and output the SiteMap's nodes allowed for this user.
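
An added example, not part of the question or the answer above: one way to enforce the per-request check on the server, so that a URL typed in directly is refused and not merely hidden from the menu. The module name, the `.aspx`-only scope and the deny-by-default policy for pages missing from the site map are assumptions; it relies on each node's `roles` attribute and on whatever `IPrincipal` the application attaches to the request.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical module; register it in web.config under <modules> / <httpModules>.
public sealed class SiteMapAuthorizationModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // AuthorizeRequest fires after authentication, so context.User is set.
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;

        // Assumption: only pages are guarded here; static files use other rules.
        string ext = VirtualPathUtility.GetExtension(context.Request.FilePath);
        if (!string.Equals(ext, ".aspx", StringComparison.OrdinalIgnoreCase))
            return;

        // Returns null for unlisted pages, and also for nodes the provider
        // hides when securityTrimmingEnabled is on. Both are treated as denied,
        // so the login page must be listed in the site map with roles="*".
        SiteMapNode node = SiteMap.Provider.FindSiteMapNode(context);
        if (IsAllowed(node, context.User))
            return;

        bool signedIn = context.User != null && context.User.Identity.IsAuthenticated;
        // 401 lets forms authentication redirect to login; 403 for known users.
        context.Response.StatusCode = signedIn ? 403 : 401;
        context.ApplicationInstance.CompleteRequest();
    }

    // Checks the node's roles directly. The provider's own IsAccessibleToUser
    // also returns true when URL authorization allows the path, so it cannot
    // be used on its own as a restriction.
    private static bool IsAllowed(SiteMapNode node, IPrincipal user)
    {
        if (node == null || node.Roles == null) return false;
        foreach (string role in node.Roles)
            if (role == "*" || (user != null && user.IsInRole(role))) return true;
        return false;
    }

    public void Dispose() { }
}
```

Because the roles live in the site map data and not in per-server web.config entries, the same file (or a custom SiteMapProvider backed by a shared store) drives both the menu and the access check.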