<siteMapNode roles="*">
<siteMapNode url="~/Default.aspx" title=" Main"开发者_运维百科 description="Main" roles="*"/>
<siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/>
....
any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes.
but if I do HttpContext.Current.User.IsInRole("Administrator")
it shows me if user in Administrator role or not.
web config :
<authentication mode="Forms"/>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<add connectionStringName="FlowWebSQL" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SqlProvider">
<providers>
<add connectionStringName="FlowWebSQL" name="SqlProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
Enable security trimming Security trimming is not enabled by default, and it cannot be enabled programmatically; it can only be set in the Web.config file
http://msdn.microsoft.com/en-us/library/ms178428.aspx
You need to use location tag in web.config.
<location path ="Items.aspx" >
<system.web>
<authorization>
<allow roles ="Administrator"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
See following for step by step custom role implementation
http://urenjoy.blogspot.com/2010/03/custom-role-provider-sitemap-navigation.html
精彩评论