I'm using Forms authentication and restricting access to a subdirectory
with a web.config:
<configuratio n>
<system.web>
<authorizatio n>
<allow roles="PLAIN_US ER"/>
<allow roles="ADMIN_US ER"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
I also created a sitemap as follows:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microso ft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home">
<siteMapNode
url="~/MemberPages/Desktop.aspx?pi d=2"
title=" Plain User Home |"
description="Pl ain User Home Page"
roles="PLAIN_US ER" />
<siteMapNode
url="~/MemberPages/Desktop.aspx?pi d=1"
title=" Amdin User Home |"
description="Ad min Home Page"
roles="ADMIN_US ER" />
</siteMapNode>
</siteMap>
However, both the "Plain User Home" and "Admin User Home" appear in the
menu. Shouldn't the roles restricted in the sitemap override the
authorization in the web.config?
Thanks
with a web.config:
<configuratio n>
<system.web>
<authorizatio n>
<allow roles="PLAIN_US ER"/>
<allow roles="ADMIN_US ER"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
I also created a sitemap as follows:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microso ft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Default.aspx" title="Home">
<siteMapNode
url="~/MemberPages/Desktop.aspx?pi d=2"
title=" Plain User Home |"
description="Pl ain User Home Page"
roles="PLAIN_US ER" />
<siteMapNode
url="~/MemberPages/Desktop.aspx?pi d=1"
title=" Amdin User Home |"
description="Ad min Home Page"
roles="ADMIN_US ER" />
</siteMapNode>
</siteMap>
However, both the "Plain User Home" and "Admin User Home" appear in the
menu. Shouldn't the roles restricted in the sitemap override the
authorization in the web.config?
Thanks