PageSiteMap and securityTrimmingEnabled="true"

Topics: Controls
Oct 22, 2007 at 6:26 AM
I am just getting BlogEngine and really like what I am seeing. Here is what I am trying to do (and not having any luck).

I want to be able to secure the pages that are created and built dynamically with PageSiteMap so that only certain roles can see them. I have modifed the code to do the following...

public override Page SelectPage(Guid id)
{
string fileName = _Folder + "pages" + Path.DirectorySeparatorChar + id.ToString() + ".xml";
XmlDocument doc = new XmlDocument();
doc.Load(fileName);

Page page = new Page();

page.Title = doc.SelectSingleNode("page/title").InnerText;
page.Description = doc.SelectSingleNode("page/description").InnerText;
page.Content = doc.SelectSingleNode("page/content").InnerText;
page.Keywords = doc.SelectSingleNode("page/keywords").InnerText;

if (doc.SelectSingleNode("page/parent") != null)
page.Parent = new Guid(doc.SelectSingleNode("page/parent").InnerText);

if (doc.SelectSingleNode("page/isfrontpage") != null)
page.IsFrontPage = bool.Parse(doc.SelectSingleNode("page/isfrontpage").InnerText);

if (doc.SelectSingleNode("page/showinlist") != null)
page.ShowInList = bool.Parse(doc.SelectSingleNode("page/showinlist").InnerText);

if (doc.SelectSingleNode("page/ispublished") != null)
page.IsPublished = bool.Parse(doc.SelectSingleNode("page/ispublished").InnerText);

page.DateCreated = DateTime.Parse(doc.SelectSingleNode("page/datecreated").InnerText, CultureInfo.InvariantCulture);
page.DateModified = DateTime.Parse(doc.SelectSingleNode("page/datemodified").InnerText, CultureInfo.InvariantCulture);

// Load the Roles
foreach (XmlNode node in doc.SelectNodes("page/roles/role"))
{
if (!string.IsNullOrEmpty(node.InnerText))
page.Roles.Add(node.InnerText);
}

return page;
}

public override SiteMapNodeCollection GetChildNodes(SiteMapNode node)
{
SiteMapNodeCollection col = new SiteMapNodeCollection();
Guid id = new Guid(node.Key);
foreach (Page page in Page.Pages)
{
if ((page.IsPublished || Thread.CurrentPrincipal.Identity.IsAuthenticated) && page.Parent == id && page.ShowInList)
{
SiteMapNode innerNode = new SiteMapNode(this, page.Id.ToString(), page.RelativeLink.ToString(),
page.Title, page.Description, page.Roles, null, null, null);

col.Add(innerNode);
}
}

return col;
}

and I have modifed the XML to look like such for a page...

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<page>
<title>Member Services</title>
<description />
<content>Things for Members
</content>
<keywords />
<parent>00000000-0000-0000-0000-000000000000</parent>
<isfrontpage>False</isfrontpage>
<showinlist>True</showinlist>
<ispublished>True</ispublished>
<datecreated>2007-10-21 20:26:12</datecreated>
<datemodified>2007-10-21 20:26:12</datemodified>
<roles>
<role>Member</role>
</roles>
</page>

i CAN SEE TGHE public override SiteMapNodeCollection GetChildNodes(SiteMapNode node)
{
SiteMapNodeCollection col = new SiteMapNodeCollection();
Guid id = new Guid(node.Key);
foreach (Page page in Page.Pages)
{
if ((page.IsPublished || Thread.CurrentPrincipal.Identity.IsAuthenticated) && page.Parent == id && page.ShowInList)
{
SiteMapNode innerNode = new SiteMapNode(this, page.Id.ToString(), page.RelativeLink.ToString(),
page.Title, page.Description, page.Roles, null, null, null);

col.Add(innerNode);
}
}

return col;
}

I can see the roles are loaded from the XML and they are set in the Page. I can also see the roles being set in the SiteMapNode, but even when I am not logged in the pages still appear in the menu that I have added to the page.

Oh, I did add this to web.config also.

<add name="PageSiteMap" description="The site map provider that reads in the .sitemap XML files." type="BlogEngine.Core.Web.Controls.PageSiteMap" securityTrimmingEnabled="true"/>

Any thoughts?