How does XmlSiteMapProvider check user to be in specified role?

Question

I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider.

I want to override logic of checking user to be in a role specified in siteMapNode's property roles:

<siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" />

How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?

Answer 1

abatishchev is close but does not provide a clear guidance. Calling base will apply the default asp.net access control rules. If you have custom rules, simply make your decision and return a bool.

public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     // use the properties of the context and node to determine accessibility.

     // only call base if you do not want to apply your custom rules
     // return base.IsAccessibleToUser(context, node);
}

Answer 2

public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
     var roles = node.Roles; // here it is!
     return base.IsAccessibleToUser(context, node);
}

Answer 3

Easiest, if someone wants a answer on this one is to add this to your web.config

<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <clear/>
      <add name="XmlSiteMapProvider"
           description="Default Sitemap Provider"
           type="System.Web.XmlSiteMapProvider"
           siteMapFile="Web.sitemap"
           securityTrimmingEnabled="true"/>
    </providers>
  </siteMap>

then in your sitemap you can add the attribute roles="something"