ASP.net: Understanding sitemaps
One day Pete the web developer decided to build his friends a website using ASP.net.
He started out by creating a new web solution in his Visual Studio (yes, the one he pirated from one of his friends) and added a masterpage to his solution. Next he decided to create folders defining all their diverse interests.
Pete felt that navigation is paramount, so he added a sitemap to the website and dropped a menu onto his masterpage where he bound the menu to his sitemap.
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode>
        <siteMapNode url="~/Music/Default.aspx" title="Music" />
        <siteMapNode url="~/History/Default.aspx" title="History" />
        <siteMapNode title="Sport">
            <siteMapNode url="~/Sport/Cricket/Default.aspx" title="Cricket"></siteMapNode>
            <siteMapNode url="~/Sport/Rugby/Default.aspx" title="Rugby"></siteMapNode>
            <siteMapNode url="~/Sport/Soccer/Default.aspx" title="Soccer"></siteMapNode>
        </siteMapNode>
    </siteMapNode>
</siteMap>
Pete called his friends over (Jack & Paul) to have a look at his creation. Immediately Jack noticed the Soccer menu item and cried out “Pete I am straight I don’t watch gay sports”
Soccer Officially Announces It Is Gay
Pete realised that he needed to add roles to his website (Gay, Straight Roles), so he whacked a MembershipProvider & RoleProvider (not discussed in this post) into his web.config and enabled security trimming for his sitemap:
<system.web>
    <!-- other system.web settings -->
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
        <providers>
            <clear />
            <add name="XmlSiteMapProvider"
                 type="System.Web.XmlSiteMapProvider"
                 siteMapFile="web.sitemap"
                 securityTrimmingEnabled="true" />
        </providers>
    </siteMap>
</system.web>
Next he altered his sitemap to include the needed roles, but for some reason it didn't work – can you spot the mistake he made?
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode roles="*">
        <siteMapNode url="~/Music/Default.aspx" title="Music" />
        <siteMapNode url="~/Fairies/Default.aspx" title="Fairies" roles="Gay" />
        <siteMapNode title="Sport" roles="*">
            <siteMapNode url="~/Sport/Cricket/Default.aspx" title="Cricket"></siteMapNode>
            <siteMapNode url="~/Sport/Rugby/Default.aspx" title="Rugby"></siteMapNode>
            <siteMapNode url="~/Sport/Soccer/Default.aspx" title="Soccer" roles="Gay"></siteMapNode>
        </siteMapNode>
    </siteMapNode>
</siteMap>
For some strange reason the “Gay” nodes were still showing, even though Jack logged in using his “Straight” role.
After googling himself on google for a few hours, Pete decided to actually use google for something useful and had a look all over the web, to find out if other people are experiencing the same issue.
Pete eventually discovered the problem: one can’t define roles on a siteMapNode that includes a url; such a node actually retrieves its visibility/accessibility from a location tag in the web.config. (Which makes sense from a security point of view: what’s the use of hiding a page from a menu if we still have access to the page regardless?)
So Pete fixed his sitemap by removing all the invalid roles (while wondering why Microsoft didn’t simply throw an exception if someone made this mistake)
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode roles="*">
        <siteMapNode url="~/Music/Default.aspx" title="Music" />
        <siteMapNode url="~/Fairies/Default.aspx" title="Fairies" />
        <siteMapNode title="Sport" roles="*">
            <siteMapNode url="~/Sport/Cricket/Default.aspx" title="Cricket"></siteMapNode>
            <siteMapNode url="~/Sport/Rugby/Default.aspx" title="Rugby"></siteMapNode>
            <siteMapNode url="~/Sport/Soccer/Default.aspx" title="Soccer"></siteMapNode>
        </siteMapNode>
    </siteMapNode>
</siteMap>
And added the Gay locations to his web.config like this:
</system.web>
<location path="Sport/Soccer">
    <system.web>
        <authorization>
            <allow roles="Gay" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>
<location path="Fairies">
    <system.web>
        <authorization>
            <allow roles="Gay" />
            <deny users="*" />
        </authorization>
    </system.web>
</location>
When Jack logs in, he now only sees the items he wants to see
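Since the provider silently accepts roles on nodes that have a url, the mistake can be caught with a small audit script. The Python below is an added example, not part of the original post: the function names and the sample input are constructed for illustration, and it only checks that a location with a deny rule covers the node's folder, not which roles that location allows.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/AspNet/SiteMap-File-1.0}"

# Constructed sample input: a sitemap with roles on URL nodes, and a web.config
# that backs only one of the two restricted folders with a <location> rule.
SITEMAP = """<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
  <siteMapNode roles="*">
    <siteMapNode url="~/Music/Default.aspx" title="Music" />
    <siteMapNode url="~/Fairies/Default.aspx" title="Fairies" roles="Gay" />
    <siteMapNode title="Sport" roles="*">
      <siteMapNode url="~/Sport/Soccer/Default.aspx" title="Soccer" roles="Gay" />
    </siteMapNode>
  </siteMapNode>
</siteMap>"""

WEB_CONFIG = """<configuration>
  <location path="Sport/Soccer">
    <system.web><authorization>
      <allow roles="Gay" /><deny users="*" />
    </authorization></system.web>
  </location>
</configuration>"""


def restricted_locations(web_config_xml):
    """Return the lower-cased <location path> values that carry a <deny> rule."""
    root = ET.fromstring(web_config_xml)
    return {loc.get("path", "").strip("/").lower()
            for loc in root.iter("location") if loc.find(".//deny") is not None}


def audit(sitemap_xml, web_config_xml):
    """List (title, url, roles) for URL nodes whose roles have no <location> backing."""
    rules = restricted_locations(web_config_xml)
    findings = []
    for node in ET.fromstring(sitemap_xml).iter(NS + "siteMapNode"):
        url, roles = node.get("url"), node.get("roles")
        if not url or not roles or roles.strip() == "*":
            continue  # only nodes that have a url AND a restrictive roles value
        path = url.replace("~/", "", 1).lower()
        if not any(path == p or path.startswith(p + "/") for p in rules):
            findings.append((node.get("title"), url, roles))
    return findings


if __name__ == "__main__":
    for title, url, roles in audit(SITEMAP, WEB_CONFIG):
        print(f"{title}: roles='{roles}' on {url} has no <location> deny rule")
```

Each finding is a page whose menu entry looks restricted in the sitemap while the page itself has no authorization rule in web.config.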
Note:
If security isn't a concern, one can alternatively create a custom SiteMapProvider that enforces the roles attribute on a siteMapNode containing a url (this only trims the menu; the page itself stays reachable by its URL).
using System;
using System.Linq;
using System.Web;

namespace CSTruter.Web
{
    public class SiteMapProvider : XmlSiteMapProvider
    {
        public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
        {
            // No roles attribute on the node: fall back to the default trimming
            // (authorization rules from web.config).
            if (node.Roles == null || node.Roles.Count == 0)
            {
                return base.IsAccessibleToUser(context, node);
            }

            // Roles attribute present: show the node only if the user holds one of
            // the listed roles, or the node is marked "*" (everyone).
            return node.Roles.OfType<String>()
                .Any(role => role == "*" || context.User.IsInRole(role));
        }
    }
}
Date - 2010-07-17 15:12:02
ASP.net Tip: Session State Service
Traditionally ASP sessions are dependent/bound to the process/machine that hosts it, which proves to be quite an annoying limitation - since whenever the process fails/recycles, or becomes unavailable (e.g. web server farm), session state is lost.
In ASP.net however, Microsoft added the ASP.net Session State Service, in which they made it possible to move sessions outside the current process/machine – which means restarting/recycling a pool won't affect our sessions.
By default ASP.net sessions are still dependent/bound to the process/machine that hosts them; we need to enable/configure sessions to run out of process.
Let's have a look at how to do that.
First of all make sure that the ASP.Net State Service is started. (Generally it's a good idea to set its startup type to automatic.)
Secondly within your web.config add/edit the sessionState node (located within the system.web node), like this:
<sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" cookieless="false" timeout="20"/>
This enables the web application to connect to the state service (located on the localhost in this example).
Note: In IIS 7.0 and higher, Microsoft added a UI to manage session state configurations.
You might have noticed (from the screenshot at the top) that ASP.net supports different modes of session state e.g. In process (default), Custom, State Server (already discussed) and SQL Server.
The sessionState node used to configure SQL Server mode (storing sessions in the db), looks something like this:
<sessionState mode="SQLServer" sqlConnectionString="Server=.\sqlexpress;User ID=username;Password=password" />
In order to use SQL Server mode you need to run the following command, which creates a database etc within the specified SQL Server instance:
aspnet_regsql.exe -S .\sqlexpress -E -ssadd -sstype p
In some future post I will demonstrate how to create a custom session state store/handler.
ASP.net 4.0:
In ASP.net 4.0 Microsoft added an option to compress session state:
<sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" cookieless="false" timeout="20" compressionEnabled="true" />
Some sources:
http://msdn.microsoft.com/en-us/library/ms178586.aspx
http://msdn.microsoft.com/en-us/library/ms229862.aspx
http://technet.microsoft.com/en-us/library/cc732412(WS.10).aspx
http://msdn.microsoft.com/en-us/library/x28wfk74.aspx
Date - 2010-07-08 17:51:46