[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 566
  • Last Modified:

Security Trimming asp.net 2.0

Hi Experts.

I'm having trouble setting up my required security model on my site.

I have a menu control (Actually its a RADMenu from Telerik biut it should behave the same).

I have 2 types of user, anonymous and logged it, each logged in user will have their unique ID.

I have set up authentication to limit the access to folders, and this works, as when you try to go to a page from the menus it errors if you are not logged in.

I want to hide those menu items that the user is not entitled to see, is this possible as I have no roles set up.

If I set up roles, how do I give anonymous users access to those areas they can see.

I've been playing with this for ages now, and you are my last change before I dynamically add menu items in code to the menu when users log in.

Andy
0
Andy Green
Asked:
Andy Green
  • 6
  • 3
2 Solutions
 
David RobitailleAnalyst ProgrammerCommented:
just a good link on that :
http://aspnet.4guysfromrolla.com/articles/122805-1.aspx 
i dont know about the RADMenu but does it use a site map?
if yes, the idea is to use roles="?" for anonymous and roles="*" for logged in.
0
 
Andy GreenAuthor Commented:
Thanks, yes Radmenu used the sitemap, to all intents and purposed its the same as the standard menu, but with loads more features.
Andy
0
 
David RobitailleAnalyst ProgrammerCommented:
Then that should work. but dont forget to configure Site Navigation to Use Security Trimmings by adding securityTrimmingEnabled="true" in the Web.config (like it`s said in the link i provided)
 
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Andy GreenAuthor Commented:
Right, that didn't work.
Here is a section from my site map

<siteMapNode url="~/Profile/" title="EYFS Profiles" description="EYFS Profiles" roles="*" /> *****if i replace the * with ? for anonymous I get the error 'Authorization rule names cannot contain the '?' character.'
The security all works in that if I try to access a page that is locked i'm redirected to the login page. What I want to do is hide the menu items until users are logged in.
Following the 4guys article I enabled security trimming, and all the menus disappeared as they should, the article says that you dont need roles (I dont) so I assumed it would just work based on the lock down in the web config, but it doesn't so I assume you have to have roles, the 4 guys does't explain past that apart from saying it can be done without roles.
As I've said above if I try to open up the menus by using ? it errors.
Also I have gone back to the standard menu control, and it behves the same as the radmenu. I'll stick with the standard on until i get it working to remove another variable.
Any Ideas.
 
Andy
0
 
Andy GreenAuthor Commented:
Also forgot to say that menus do not appear after login.
A
0
 
David RobitailleAnalyst ProgrammerCommented:
Hummm... I just checked this :
http://msdn.microsoft.com/en-us/library/ms178428.aspx
I guess you should set up roles and set all the nodes you want to be restricted to that roles. the others (for anonymous)  should be set to "*"
0
 
Andy GreenAuthor Commented:
Update
I've enabled roles and created a role, given that role access to the node in the site map, and..... nothing, I've played with authorisation even granting allow users = * and still nothing.
Its as soon as I add security trimming = true that menus disappear but I cant get them to show no matter what combination of Autorisation, Allow, Location, etc settings I use.
I have gone through 10's of  google links when you search on 'Security Trimmimg' and I'm doing what they say.
I can use the web admin tool to set up users and roles and permissions so the providers are working.
Any Ideas, before I go and do a course to be a plumber?
Andy
0
 
Andy GreenAuthor Commented:
Update
I've downloaded the example from davrob60 above from 4 guys and it works OK, I've meticulously made my web configs and site map file the same (using my roles etc) and it doesn't work, so it must be the way I've got the database set up, I'm using an external SQL 2005.
The stragne thing is the web tool writes everythnig back to my database OK.
Andy
0
 
Andy GreenAuthor Commented:
FIXED IT.
The problem was I had the top node in my sitemap, with no URL and didn't have roles=*, this wass the first node of the navigation, and could not get a valid permission for it, so everything underneath it was blocked.
Andy
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now