views:

68

answers:

2

I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider.

I want to override logic of checking user to be in a role specified in siteMapNode's property roles:

<siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" />

How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?

A: 
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     var roles = node.Roles; // here it is!
     return base.IsAccessibleToUser(context, node);
}
abatishchev
+1  A: 

abatishchev is close but does not provide a clear guidance. Calling base will apply the default asp.net access control rules. If you have custom rules, simply make your decision and return a bool.

public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     // use the properties of the context and node to determine accessibility.

     // only call base if you do not want to apply your custom rules
     // return base.IsAccessibleToUser(context, node);
}
Sky Sanders
My question unfortunately attracted no users for some time so I had to find the solution by myself and fortunately did it. You could not mention that I'm simultaneously OP and single answer is my too. Because accepting own answer brings no reputation, I'm happy to accept your one :) Thanks!
abatishchev
@aba - actually, i did not notice that OP and answer were from the same person, just that the guidance could be a bit more clear. Glad you figured it out and glad that I could help, if I did.
Sky Sanders
Ok, I can override `IsAccessibleToUser` to apply own logic to check. But how does *original* `IsAccessibleToUser` works? Reflectors show that it checks `context.User.IsInRole(role)`. Do you know how to set roles to `IPrincipal`?
abatishchev