SiteMapProvider and userid

  • Thread starter Thread starter Brook
  • Start date Start date
B

Brook

Hey everyone,

My scenario is as follows:
In my website the users session id is constantly passed from page to page on
the URL. I have one main menu that appears the same on each page, one of the
menu items has a set of child items that only appear on hover over.
Essentially, no matter which page the user is on, i want the user id to be
appended to each of the urls in the menu. A further complication is that my
child menu items are dynamic on a day-to-day basis, so they need to come from
a custom datasource.

So far, i've implemented my own SiteMapProvider that inherits from the
StaticSiteMapProvider. I've got it to read the static part of the menu from a
sitemap xml file and then dynamically append the other items from a different
source. But getting the userid to work is causing me real problems.

I've seen quite a few examples that suggest you should handle the
SiteMapResolve event (i think it's called that). But all the examples i've
seen only append QueryString parameters to the current node and all parent
nodes... whereas what i want to do is append QueryString parameters onto
every possible item in the menu that the user might click on - and that's the
whole thing.

So, my last attempt was to handle SiteMapResolve and return from it the root
node cloned with each item underneath cloned as well (had to write a deep
clone function) with required user session id appended to all urls. But the
node i return doesn't seem to be used in the rendered menu... so i think i've
got the wrong end of the stick with that.

I really hope someone else has managed this - or can point me in the right
direction.

Apologies for the long post

thanks,
Andrew
 
I would ask this in the forums at www.asp.net, as I would bet someone has
already solve this. I have not, personally, but I see no reason you cannot
walk the entire tree appending the ?userid=### to the URL.

Personally, I think this is unwise, unless you are encoding or encrypting
the ID using a variable salt, as a user can use your scheme to log in as an
administrator, if they only know his unique id. I would not like that
security hole, personally.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

********************************************
| Think outside the box! |
********************************************
 
Back
Top