Dovberman
asked on
Sitemap Admin Menu Node does not Display
The Admin menu does not display when the Admin user logs on.
<siteMapNode title="Admin" name ="mnuAdmin" description="Administratio n"
id="Admin" roles ="Admin" >
<siteMapNode title="High Performers" description="High Performers"
url="~/Admin/FindPriceExce ptions.asp x" />
The menu is displayed when roles = "*"
Login user is correct when Admin logs on
// Validate user in Subscription table
strUserID = currentUser.ProviderUserKe y.ToString ();
?strUserID
"0a742a71-b5d5-4e00-9e5f-b d3c82b5936 a"
========
Membership database
RoleId for Admin = D93C9B3FB-346E-4DCE-85E4-D 3065CAF354 8
Admin UserId = 0a742a71-b5d5-4e00-9e5f-bd 3c82b5936a
========
Web.Config
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
<siteMap defaultProvider="XmlSiteMa pProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
siteMapFile="Web.siteMap"
type="System.Web.XmlSiteMa pProvider"
securityTrimmingEnabled="t rue"/>
</providers>
</siteMap>
<location path="Admin">
</location>
The application behaves as if the Admin role is being ignored.
What should I change?
Thank you.
<siteMapNode title="Admin" name ="mnuAdmin" description="Administratio
id="Admin" roles ="Admin" >
<siteMapNode title="High Performers" description="High Performers"
url="~/Admin/FindPriceExce
The menu is displayed when roles = "*"
Login user is correct when Admin logs on
// Validate user in Subscription table
strUserID = currentUser.ProviderUserKe
?strUserID
"0a742a71-b5d5-4e00-9e5f-b
========
Membership database
RoleId for Admin = D93C9B3FB-346E-4DCE-85E4-D
Admin UserId = 0a742a71-b5d5-4e00-9e5f-bd
========
Web.Config
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
<siteMap defaultProvider="XmlSiteMa
<providers>
<add name="XmlSiteMapProvider"
siteMapFile="Web.siteMap"
type="System.Web.XmlSiteMa
securityTrimmingEnabled="t
</providers>
</siteMap>
<location path="Admin">
</location>
The application behaves as if the Admin role is being ignored.
What should I change?
Thank you.
ASKER
<location path="Admin">
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
</location>
System.Web has an invalid child element, location
location is a child element of which parent?
Thanks,
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
</location>
System.Web has an invalid child element, location
location is a child element of which parent?
Thanks,
Location stays outside of system.web
ASKER
I get this error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module
IIS Web Core
Notification
Unknown
Handler
Not yet determined
Error Code
0x80070032
Config Error
The configuration section 'authorization' cannot be read because it is missing a section declaration
Config File
\\?\c:\users\dovberman\doc uments\vis ual studio 2012\Projects\StockProNew1 \StockProN ew1\web.co nfig
======
</system.web>
<location path="Admin">
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
</location>
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module
IIS Web Core
Notification
Unknown
Handler
Not yet determined
Error Code
0x80070032
Config Error
The configuration section 'authorization' cannot be read because it is missing a section declaration
Config File
\\?\c:\users\dovberman\doc
======
</system.web>
<location path="Admin">
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow roles="Admin"/>
<allow users="*"/>
</authorization>
</location>
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Very helpful. Thanks.
I have a folder named Admin
Should my statement read <location path="Admin"> ?
<location path="AdminFolder">
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
====
Does this mean that the web.config folder is in the Admin folder?
Web.config in AdminFolder should look like:
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</configuration>
=====
The real question is:
How do I get the Admin menu node to display in site.menu only if Admin logs on.
See original request:
The Admin menu does not display when the Admin user logs on.
I have a folder named Admin
Should my statement read <location path="Admin"> ?
<location path="AdminFolder">
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
====
Does this mean that the web.config folder is in the Admin folder?
Web.config in AdminFolder should look like:
<configuration>
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</configuration>
=====
The real question is:
How do I get the Admin menu node to display in site.menu only if Admin logs on.
See original request:
The Admin menu does not display when the Admin user logs on.
There are two ways you can secure Admin folder:
1: You place <location> in your main root web.config
or
2: You can add a web.config to your Admin folder. Then in that web.config you add the <authentication> section directly into the <system.web> and not the location.
I think the link covers both the cases.
So which web.config are you adding the permission settings?
To troubleshoot your issue:
- After you login, navigate to some page in Admin folder by typing directly in the browser address bar.
If you get redirected back to login page then for some reason the roles aren't detected.
And if you are allowed to go to Admin page, it could be settings issue.
1: You place <location> in your main root web.config
or
2: You can add a web.config to your Admin folder. Then in that web.config you add the <authentication> section directly into the <system.web> and not the location.
I think the link covers both the cases.
So which web.config are you adding the permission settings?
To troubleshoot your issue:
- After you login, navigate to some page in Admin folder by typing directly in the browser address bar.
If you get redirected back to login page then for some reason the roles aren't detected.
And if you are allowed to go to Admin page, it could be settings issue.
ASKER
I have only one web.admin file. It is in the root folder.
I will work on this based on the information you have provided.
Thanks,
I will work on this based on the information you have provided.
Thanks,
ASKER
None of these techniques work. This may be an issue with Windows 8. this was working perfectly for 3 years when the same code was used with Windows 7.
This is the work-around that works:
Only Admin has access to AdminMenu.aspx.
<location path="~/Admin/AdminMenu.as px">
<system.web>
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow users="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Site.Map has a AdminMenu node which opens the AdminMenu page.
The AdminMenu page is in the Admin folder.
<siteMapNode title="AdminMenu" description="Admin Menu"
url="~/Admin/AdminMenu.asp x" roles ="Admin"/>
AdminMenu contains a list of links that open the Admin pages.
The links are not visible until Admin logs in.
AdminMenu.aspx contains a log control in a table cell and the links to Admin pages in another table cell.
<asp:TableRow>
<asp:TableCell ID="celLogin">
<asp:Login ID="StockProLogin" runat="server" BackColor="#EFF3FB"
BorderColor="#B5C7DE" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Arial" ForeColor="#0066FF" Font-Size="8pt"
===================
<asp:TableCell ID="celMenu" >
<ul>
<li><a id="mnuHiPerf" runat="server" href="~/Admin/FindPriceExc eptions.as px">High Performers</a></li>
<li><a id="mnuWatchList" runat="server" href="~/Admin/WatchListNew .aspx" >Manage Watch List</a></li>
<li><a id="mnuScoreStocks" runat="server" href="~/Contact" >Score Stocks</a></li>
======
AdminMenu Code behind
protected void Page_Load(object sender, EventArgs e)
{
celMenu.Visible = false;
if (!IsPostBack)
{
StockProLogin.Focus();
mnuScoreStocks.Visible = false;
celMenu.Visible = false;
}
}
The celMenu visible property is set to true if the Admin Login is successful.
if (e.Authenticated == true)
{
strUserName = StockProLogin.UserName;
strUserID = currentUser.ProviderUserKe y.ToString ();
string strLoginText = "Hi " + StockProLogin.UserName + " You are logged in";
lblLoginMsg.Text = strLoginText;
celMenu.Visible = true;
}
else // User is not in database
{
e.Authenticated = false;
StockProLogin.FailureText = StockProLogin.UserName + ". You were not found. Re-enter User Name and or Password.";
}
This is clunky, but it works.
I have spent 5 days working on the documented web.config secure methods
This is the work-around that works:
Only Admin has access to AdminMenu.aspx.
<location path="~/Admin/AdminMenu.as
<system.web>
<authorization>
<!-- Only Admin can access Admin folder pages-->
<allow users="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Site.Map has a AdminMenu node which opens the AdminMenu page.
The AdminMenu page is in the Admin folder.
<siteMapNode title="AdminMenu" description="Admin Menu"
url="~/Admin/AdminMenu.asp
AdminMenu contains a list of links that open the Admin pages.
The links are not visible until Admin logs in.
AdminMenu.aspx contains a log control in a table cell and the links to Admin pages in another table cell.
<asp:TableRow>
<asp:TableCell ID="celLogin">
<asp:Login ID="StockProLogin" runat="server" BackColor="#EFF3FB"
BorderColor="#B5C7DE" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Arial" ForeColor="#0066FF" Font-Size="8pt"
===================
<asp:TableCell ID="celMenu" >
<ul>
<li><a id="mnuHiPerf" runat="server" href="~/Admin/FindPriceExc
<li><a id="mnuWatchList" runat="server" href="~/Admin/WatchListNew
<li><a id="mnuScoreStocks" runat="server" href="~/Contact" >Score Stocks</a></li>
======
AdminMenu Code behind
protected void Page_Load(object sender, EventArgs e)
{
celMenu.Visible = false;
if (!IsPostBack)
{
StockProLogin.Focus();
mnuScoreStocks.Visible = false;
celMenu.Visible = false;
}
}
The celMenu visible property is set to true if the Admin Login is successful.
if (e.Authenticated == true)
{
strUserName = StockProLogin.UserName;
strUserID = currentUser.ProviderUserKe
string strLoginText = "Hi " + StockProLogin.UserName + " You are logged in";
lblLoginMsg.Text = strLoginText;
celMenu.Visible = true;
}
else // User is not in database
{
e.Authenticated = false;
StockProLogin.FailureText = StockProLogin.UserName + ". You were not found. Re-enter User Name and or Password.";
}
This is clunky, but it works.
I have spent 5 days working on the documented web.config secure methods
ASKER
Thank you for your persistence.
Glad you got some workaround...
From what I see above: <location path="~/Admin/AdminMenu.as px"> will only protect single page.
So you might want to test the scenario below to be sure your other Admin pages are secure:
1: Login as non-Admin user
2: Navigate to your other AdminPage i.e. say /Admin/WatchListNew.aspx by typing it inside the browser.
From what I see above: <location path="~/Admin/AdminMenu.as
So you might want to test the scenario below to be sure your other Admin pages are secure:
1: Login as non-Admin user
2: Navigate to your other AdminPage i.e. say /Admin/WatchListNew.aspx by typing it inside the browser.
2: Your authorization location should be like this:
Open in new window