views:

8

answers:

0

hi all,

My current project has a requirement to show a site menu at the top of the page (and others elsewhere) that is dependant on the users roles in the application.

A user is able to modify their roles at run time (or have them modified by someone else) and as such the menu must show or hide those links.

This particular site we are developing is a sort of redevelopment of an existing sites framework whilst keeping the UI elements looking identical and providing new functionailty.

The main thing that this introduces is that in the menu we need to provide links back to the old functionality and these links need to show or hide depending on the users access in the other application (these will be external urls).

For example in the existing application there will be these links

Home | Profile | Address | Card | Regulation

Whilst in the existing application the first 4 links would be virtual paths and the 5th would be an external url. When the 5th link is clicked the user will be redirected to the new server (that has a page that looks identical to the current page, menu-wise at least). On the new page the first 4 links will be external urls and the 5th will be a virtual path.

The problem is that the "Card" link being visible is based upon a certain application role (this authorisation is a custom job here not any asp.net membership provider) and this link needs to be hidden in both "sites" if the user doesnt have permision to see it.

I believe even if we did use a asp.net membership provider, the way teh security trimminings works it would not work on an external url.

Basically I'm trying to determine the best way to go with this, if i can inherit from the sitemapprovider and get the functionality I want or if I will have to write a custom job.

The sitemapprovider would also need to be able to identify the current user in order to ask for their permissions etc.