It's often the simplest things that can take the most time to solve. So it was when I was setting up a web project to utilise the ASP.Net SiteMap provider. It was something I had done a few times before and was pretty sure I'd have it up and running in no time. The steps are pretty easy and there's plenty of help out there.

  • Enable FormsAuthenication, Membership/Role Provider, adding users/roles, Login page etc.
  • Create a web.sitemap file that contains the navigation hierarchy for your site

sitemap

  • Add a <siteMap> section to your web.config

 sitemap_config

  • Add your <location> sections in the web.config to restrict access to certain pages/folders based on roles.

sitemap_location

  • Drag on a Menu control on to your master page and your away

 

And I was, everything worked great except I wasn't getting my menu items to filter based on the <location> settings. For example, anonymous users were still able to see the UserManagement menu items. Bugger, this is what setting the securityTrimmingEnabled attribute of the <siteMap> element was supposed to do for me! And that's where I stayed scratching my head for way too long!

And the answer? Well it's a great example of a stupid feature of the SiteMap provider. If you don't set the enabled attribute of the <siteMap> element to true, this is exactly what happens. Once I did this I was away.

sitemap_config_enabled

Irritating and completely unnecessary attribute - why would I ever want to disable the SiteMap? And even when it's set it doesn't disable anything but the trimming!