• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 568
  • Last Modified:

Security Trimming asp.net 2.0

Hi Experts.

I'm having trouble setting up my required security model on my site.

I have a menu control (Actually its a RADMenu from Telerik biut it should behave the same).

I have 2 types of user, anonymous and logged it, each logged in user will have their unique ID.

I have set up authentication to limit the access to folders, and this works, as when you try to go to a page from the menus it errors if you are not logged in.

I want to hide those menu items that the user is not entitled to see, is this possible as I have no roles set up.

If I set up roles, how do I give anonymous users access to those areas they can see.

I've been playing with this for ages now, and you are my last change before I dynamically add menu items in code to the menu when users log in.

Andy
0
Andy Green
Asked:
Andy Green
  • 6
  • 3
2 Solutions
 
David RobitailleAnalyst ProgrammerCommented:
just a good link on that :
http://aspnet.4guysfromrolla.com/articles/122805-1.aspx 
i dont know about the RADMenu but does it use a site map?
if yes, the idea is to use roles="?" for anonymous and roles="*" for logged in.
0
 
Andy GreenAuthor Commented:
Thanks, yes Radmenu used the sitemap, to all intents and purposed its the same as the standard menu, but with loads more features.
Andy
0
 
David RobitailleAnalyst ProgrammerCommented:
Then that should work. but dont forget to configure Site Navigation to Use Security Trimmings by adding securityTrimmingEnabled="true" in the Web.config (like it`s said in the link i provided)
 
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Andy GreenAuthor Commented:
Right, that didn't work.
Here is a section from my site map

<siteMapNode url="~/Profile/" title="EYFS Profiles" description="EYFS Profiles" roles="*" /> *****if i replace the * with ? for anonymous I get the error 'Authorization rule names cannot contain the '?' character.'
The security all works in that if I try to access a page that is locked i'm redirected to the login page. What I want to do is hide the menu items until users are logged in.
Following the 4guys article I enabled security trimming, and all the menus disappeared as they should, the article says that you dont need roles (I dont) so I assumed it would just work based on the lock down in the web config, but it doesn't so I assume you have to have roles, the 4 guys does't explain past that apart from saying it can be done without roles.
As I've said above if I try to open up the menus by using ? it errors.
Also I have gone back to the standard menu control, and it behves the same as the radmenu. I'll stick with the standard on until i get it working to remove another variable.
Any Ideas.
 
Andy
0
 
Andy GreenAuthor Commented:
Also forgot to say that menus do not appear after login.
A
0
 
David RobitailleAnalyst ProgrammerCommented:
Hummm... I just checked this :
http://msdn.microsoft.com/en-us/library/ms178428.aspx
I guess you should set up roles and set all the nodes you want to be restricted to that roles. the others (for anonymous)  should be set to "*"
0
 
Andy GreenAuthor Commented:
Update
I've enabled roles and created a role, given that role access to the node in the site map, and..... nothing, I've played with authorisation even granting allow users = * and still nothing.
Its as soon as I add security trimming = true that menus disappear but I cant get them to show no matter what combination of Autorisation, Allow, Location, etc settings I use.
I have gone through 10's of  google links when you search on 'Security Trimmimg' and I'm doing what they say.
I can use the web admin tool to set up users and roles and permissions so the providers are working.
Any Ideas, before I go and do a course to be a plumber?
Andy
0
 
Andy GreenAuthor Commented:
Update
I've downloaded the example from davrob60 above from 4 guys and it works OK, I've meticulously made my web configs and site map file the same (using my roles etc) and it doesn't work, so it must be the way I've got the database set up, I'm using an external SQL 2005.
The stragne thing is the web tool writes everythnig back to my database OK.
Andy
0
 
Andy GreenAuthor Commented:
FIXED IT.
The problem was I had the top node in my sitemap, with no URL and didn't have roles=*, this wass the first node of the navigation, and could not get a valid permission for it, so everything underneath it was blocked.
Andy
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now