Creating a role based ASP.NET menu using sitemap control for ADFS authentication mechanism

StackOverflow https://stackoverflow.com/questions/8189101

  •  04-03-2021

Question

I am currently using the ADFS authentication mechanism to authenticate the user. In that case I am setting the authentication mode to None instead of Forms authentication. After the user has logged in successfully, the claims object will provide the role data associated with the logged-in user, so in that case how will the sitemap roles attribute be able to pick up the role from the claims object? Can you explain to me how the securityTrimmingEnabled property will be used?

I used the custom class ADFSRoleProvider.cs, which inherits from the RoleProvider class, and overrode the GetRolesForUser method, but the method is not invoked unless I set

<authentication mode="Forms"/>

and this in turn is also not able to interact with the roles attribute mentioned in the siteMapNode node.

The main issue is: after the user logs in successfully using the ADFS authentication mechanism, how will the sitemap role attribute know about the role of the logged-in user?

Could you please provide some code samples and help regarding the above-mentioned issue?


Solution

Are you sure that a custom role provider is necessary? The IClaimsPrincipal object provides roles for the user; it takes your claims of type ClaimTypes.Role.

It could be that your issue is caused by some inconsistencies in the securityTrimming implementation. Years ago I had to write my own sitemap provider to correctly handle the trimming.

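using System.Web;

// Sitemap provider that decides node visibility from the current principal's roles.
public class XmlSiteMapDefaultProvider : XmlSiteMapProvider
{
    public override bool IsAccessibleToUser( HttpContext context, SiteMapNode node )
    {
        // A node with a roles attribute is shown only when one of its roles matches.
        if ( node.Roles.Count > 0 )
        {
            foreach ( string role in node.Roles )
            {
                // "*" is treated here as "any authenticated user".
                if ( role == "*" &&
                     context.User != null &&
                     context.User.Identity != null &&
                     context.User.Identity.IsAuthenticated )
                    return true;

                // Otherwise ask the principal whether it holds this role.
                if ( context.User != null && context.User.IsInRole( role ) )
                    return true;
            }

            return false;
        }

        // Nodes without a roles attribute are visible to everyone.
        return true;
    }
}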

Just register it in the web.config as your SiteMapProvider:

<siteMap enabled="true" defaultProvider="XmlSiteMapDefaultProvider">
  <providers>
    <add name="XmlSiteMapDefaultProvider" type="XmlSiteMapDefaultProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
  </providers>
</siteMap>
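
The following is an added example, not part of the original answer: it runs the answer's trimming decision against claims-based principals to show that `IsInRole` is answered from role claims without a custom role provider, and that it returns false when the roles arrive under a claim type the identity does not treat as its role type. It assumes .NET 4.5+ `System.Security.Claims` rather than the WIF `IClaimsPrincipal`; the `IsVisible` helper, the principals, the `"Federation"` authentication type and the `urn:example:claims/group` claim type are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;

static class TrimmingDemo
{
    // Same decision as IsAccessibleToUser in the answer, minus HttpContext/SiteMapNode
    // (hypothetical helper so the logic can run in a console program).
    static bool IsVisible(IPrincipal user, IList<string> nodeRoles)
    {
        if (nodeRoles.Count == 0) return true;            // no roles attribute: visible to all
        bool authenticated = user != null && user.Identity != null
                             && user.Identity.IsAuthenticated;
        foreach (string role in nodeRoles)
        {
            if (role == "*" && authenticated) return true; // "*" = any authenticated user
            if (user != null && user.IsInRole(role)) return true;
        }
        return false;
    }

    static void Main()
    {
        // Constructed principals standing in for what the federation module
        // builds from the ADFS token.
        var admin = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice"),
                    new Claim(ClaimTypes.Role, "Admin") }, "Federation"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity()); // IsAuthenticated == false

        // Hypothetical claim type: roles issued under something other than ClaimTypes.Role.
        const string GroupType = "urn:example:claims/group";
        var groups = new[] { new Claim(GroupType, "Admin") };
        var unmapped = new ClaimsPrincipal(new ClaimsIdentity(groups, "Federation"));
        var mapped = new ClaimsPrincipal(
            new ClaimsIdentity(groups, "Federation", ClaimTypes.Name, GroupType));

        var adminNode = new List<string> { "Admin" };
        var anyUserNode = new List<string> { "*" };

        Console.WriteLine("admin / Admin node:      " + IsVisible(admin, adminNode));
        Console.WriteLine("anonymous / * node:      " + IsVisible(anonymous, anyUserNode));
        Console.WriteLine("admin / * node:          " + IsVisible(admin, anyUserNode));
        Console.WriteLine("group claim, unmapped:   " + IsVisible(unmapped, adminNode));
        Console.WriteLine("group claim, role type:  " + IsVisible(mapped, adminNode));
    }
}
```

Security trimming only controls which nodes the menu renders; the pages themselves still need their own authorization rules.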
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow