Adding Custom Attributes to MVC.Sitemap

Oct 7, 2010 at 7:40 AM

Hi Maarten 
First of all congratulations on the production of a fantastic control, this truly seems like something that Microsoft should be made aware of for the next release of MVC as this solution meets the needs of the MVC developer far more aptly than the standard ASP.NET sitemapprovider. 

However, In saying that it does not quite meet my needs and I was wondering if it would be possible to extend your control in the same way I have extended the standard sitemapprovider for 2.0. 

My requirement is to add custom attributes (such as userarea="*" userlevel="*") to the MVC.Sitemap so that I can test permissions based a custom session object that I create when a user logs into our site. In ASP.NET 2.0 I achieved this by and overriding the standard isAccessibleToUser method as in Alex Thissen's example I could use the same technique as before however with the MVC model being so different I think it would be a shame to have to modify my route map so that only one address maps to each controller as is being suggested by the ASP.NET article: 

My vain attempt at trying to decipher your source was rather humbling. Any help would be most appreciated. 

Sorry for double posting on your website also but I realised this was the appropriate channel only after posting there!


Oct 7, 2010 at 8:19 AM

Custom attributes are supported, there's only one extra step: in the Web.config specify the "attributesToIgnore" attribute and list your custom attributes there. This will prevent them from being used as route values.

Oct 7, 2010 at 9:07 AM

Thanks Maarten, that answers the first part of my question but how do I provide custom securityTrimming of these custom attributes based on my own security model. The way I achieved this previously was to override the isAccessibleToUser method so that I could do the following:

Public Class CustomSiteMapProvider

Inherits XmlSiteMapProvider 


Public Overloads Overrides Function IsAccessibleToUser(ByVal context As HttpContext, ByVal node As SiteMapNode) As Boolean

'Populate a local variable with the current users logged in status

  Dim currentUser As iLoginUser = CType(context.Session("currentiLoginUser"), iLoginUser)


Dim userArea_MatchFound As Boolean = False

If node("userarea") = "*" Then

  'userArea is available to all users so not need to set IsAccessibleToUser = false


Dim userareas As String() = node("userarea").Split(CChar(","))

For Each strArea As String In userareas

if CDbl(strArea) = currentUser.sessionAccessLevel.userAreaID

userArea_MatchFound = True

End if


If userAreaMatchFound = False Then : Return False

End If


'return the default value if no exception conditions are met

IsAccessibleToUser = True


End function

End Class


Apologies if this seems like a remedial question but I could not find anything in the documentation that seems to suit my needs.

Oct 7, 2010 at 10:40 AM

You can hook in your own ACL module (check Basically this means that you can override how MvcSiteMap handles ACL of a sitemap node. Implementing IAclModule and registering your type in Web.config should do the trick.