Coupling of SiteMapProvider and authorization "provider"

Topics: User Forum
Sep 14, 2008 at 8:08 AM

I'm working on a custom CMS system, and am considering architecting it to use well known elements of the ASP.Net framework.

In particular I am interested in navigation and authorization.

In researching this, I can't see how a SiteMapProvider is decoupled from the Url Authorization technique when security trimming is enabled.

It appears to me that the SiteMapProvider (custom or otherwise) has explicit knowledge of how the authorization for a url is configured.  For example the XmlSiteMapProvider seems to have knowledge of UrlAuthorizationModule/authorization elements within web.config.

Am I missing something?