Security Trimming asp.net 2.0

Hi Experts.

I'm having trouble setting up my required security model on my site.

I have a menu control (Actually its a RADMenu from Telerik biut it should behave the same).

I have 2 types of user, anonymous and logged it, each logged in user will have their unique ID.

I have set up authentication to limit the access to folders, and this works, as when you try to go to a page from the menus it errors if you are not logged in.

I want to hide those menu items that the user is not entitled to see, is this possible as I have no roles set up.

If I set up roles, how do I give anonymous users access to those areas they can see.

I've been playing with this for ages now, and you are my last change before I dynamically add menu items in code to the menu when users log in.

Andy
LVL 3
Andy GreenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David RobitailleAnalyst ProgrammerCommented:
just a good link on that :
http://aspnet.4guysfromrolla.com/articles/122805-1.aspx 
i dont know about the RADMenu but does it use a site map?
if yes, the idea is to use roles="?" for anonymous and roles="*" for logged in.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andy GreenAuthor Commented:
Thanks, yes Radmenu used the sitemap, to all intents and purposed its the same as the standard menu, but with loads more features.
Andy
0
David RobitailleAnalyst ProgrammerCommented:
Then that should work. but dont forget to configure Site Navigation to Use Security Trimmings by adding securityTrimmingEnabled="true" in the Web.config (like it`s said in the link i provided)
 
0
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

Andy GreenAuthor Commented:
Right, that didn't work.
Here is a section from my site map

<siteMapNode url="~/Profile/" title="EYFS Profiles" description="EYFS Profiles" roles="*" /> *****if i replace the * with ? for anonymous I get the error 'Authorization rule names cannot contain the '?' character.'
The security all works in that if I try to access a page that is locked i'm redirected to the login page. What I want to do is hide the menu items until users are logged in.
Following the 4guys article I enabled security trimming, and all the menus disappeared as they should, the article says that you dont need roles (I dont) so I assumed it would just work based on the lock down in the web config, but it doesn't so I assume you have to have roles, the 4 guys does't explain past that apart from saying it can be done without roles.
As I've said above if I try to open up the menus by using ? it errors.
Also I have gone back to the standard menu control, and it behves the same as the radmenu. I'll stick with the standard on until i get it working to remove another variable.
Any Ideas.
 
Andy
0
Andy GreenAuthor Commented:
Also forgot to say that menus do not appear after login.
A
0
David RobitailleAnalyst ProgrammerCommented:
Hummm... I just checked this :
http://msdn.microsoft.com/en-us/library/ms178428.aspx
I guess you should set up roles and set all the nodes you want to be restricted to that roles. the others (for anonymous)  should be set to "*"
0
Andy GreenAuthor Commented:
Update
I've enabled roles and created a role, given that role access to the node in the site map, and..... nothing, I've played with authorisation even granting allow users = * and still nothing.
Its as soon as I add security trimming = true that menus disappear but I cant get them to show no matter what combination of Autorisation, Allow, Location, etc settings I use.
I have gone through 10's of  google links when you search on 'Security Trimmimg' and I'm doing what they say.
I can use the web admin tool to set up users and roles and permissions so the providers are working.
Any Ideas, before I go and do a course to be a plumber?
Andy
0
Andy GreenAuthor Commented:
Update
I've downloaded the example from davrob60 above from 4 guys and it works OK, I've meticulously made my web configs and site map file the same (using my roles etc) and it doesn't work, so it must be the way I've got the database set up, I'm using an external SQL 2005.
The stragne thing is the web tool writes everythnig back to my database OK.
Andy
0
Andy GreenAuthor Commented:
FIXED IT.
The problem was I had the top node in my sitemap, with no URL and didn't have roles=*, this wass the first node of the navigation, and could not get a valid permission for it, so everything underneath it was blocked.
Andy
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.