I have a custom SiteMapProvider which I populate from a database. I also have a custom SiteMapNode which has to be constructed with a custom Page argument.
The implementation of SiteMapProvider.IsAccessibleToUser(context, node) is now:
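    ' Delegates the access decision to the Page object attached to the node.
    Public Overrides Function IsAccessibleToUser(ByVal context As HttpContext, ByVal node As SiteMapNode) As Boolean
        Return CType(node, CustomSiteMapNode).Page.IsAccessibleToUser(context.User)
    End Function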
I also have a custom authentication class-attribute:
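    Imports System.Web
    Imports System.Web.Mvc

    Public Class ValidateAuthorization : Inherits AuthorizeAttribute
        Public Sub New()
        End Sub

        ' The parameter is named httpContext so that it matches its use in the body.
        Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
            ' SiteMap.CurrentNode is resolved through the default sitemap provider.
            If Not CType(SiteMap.CurrentNode, JrcSiteMapNode).Page.IsAccessibleToUser(httpContext.User) Then
                Throw New ApplicationException()
            End If
            Return True
        End Function
    End Class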
Two questions:
- Should I return false in AuthorizeCore() to have everything work according to default authorization protocols? (What are these?) Or should I throw my exception..?
- SiteMap.CurrentNode is Null / Nothing (in AuthorizeCore()) if the page which is requested is not accessible to the user (obviously). How should I change my implementation? I want to keep the functionality that the Page objects are only loaded once, so I need to store them somewhere… I’m very confused / mental blocking.
I currently have 2 sitemaps. One with, and one without security trimming enabled.
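
An added example, not part of the original post: one way to write the attribute so that it fails closed, returning False instead of throwing and looking the node up in the sitemap without security trimming. JrcSiteMapNode and Page.IsAccessibleToUser are taken from the question; the provider name "UntrimmedSiteMap" and the use of Request.Path as the lookup key are assumptions.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Mvc

Public Class ValidateAuthorization : Inherits AuthorizeAttribute

    ' Assumption: name under which the sitemap provider WITHOUT security
    ' trimming is registered in web.config (hypothetical value).
    Private Const UntrimmedProviderName As String = "UntrimmedSiteMap"

    Protected Overrides Function AuthorizeCore(httpContext As HttpContextBase) As Boolean
        If httpContext Is Nothing Then Throw New ArgumentNullException("httpContext")

        ' SiteMap.CurrentNode goes through the trimmed provider and is Nothing
        ' for a denied page, so resolve the node from the untrimmed provider.
        Dim provider As SiteMapProvider = SiteMap.Providers(UntrimmedProviderName)
        If provider Is Nothing Then Return False

        ' Assumption: the custom provider keys its nodes by path without query string.
        Dim node = TryCast(provider.FindSiteMapNode(httpContext.Request.Path), JrcSiteMapNode)

        ' Fail closed: an unknown URL or an unexpected node type means "deny".
        If node Is Nothing Then Return False

        ' Returning False makes MVC call HandleUnauthorizedRequest below.
        Return node.Page.IsAccessibleToUser(httpContext.User)
    End Function

    Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
        If filterContext.HttpContext.User.Identity.IsAuthenticated Then
            ' Signed in but not allowed: answer 403 rather than the 401 that
            ' forms authentication turns into a redirect to the login page.
            filterContext.Result = New HttpStatusCodeResult(403)
        Else
            ' Anonymous: default behaviour, which sets an HttpUnauthorizedResult (401).
            MyBase.HandleUnauthorizedRequest(filterContext)
        End If
    End Sub
End Class
```

Because the Page objects stay attached to the nodes of the untrimmed provider, they are still loaded only once; the attribute only reads them.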