Link to home
Create AccountLog in
Avatar of Dovberman
DovbermanFlag for United States of America

asked on

Sitemap Admin Menu Node does not Display

The Admin menu does not display when the Admin user logs on.

<siteMapNode title="Admin" name ="mnuAdmin" description="Administration"
                 id="Admin" roles ="Admin"  >

      <siteMapNode title="High Performers" description="High Performers"
                    url="~/Admin/FindPriceExceptions.aspx" />

The menu is displayed when roles = "*"

Login user is correct when Admin logs on

// Validate user in Subscription table
strUserID = currentUser.ProviderUserKey.ToString();

?strUserID
"0a742a71-b5d5-4e00-9e5f-bd3c82b5936a"
========
Membership database

RoleId for Admin = D93C9B3FB-346E-4DCE-85E4-D3065CAF3548
Admin UserId = 0a742a71-b5d5-4e00-9e5f-bd3c82b5936a
========
Web.Config

    <authorization>
        <!-- Only Admin can access Admin folder pages-->
        <allow roles="Admin"/>
        <allow users="*"/>
    </authorization>

    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
      <providers>
        <add name="XmlSiteMapProvider"
             siteMapFile="Web.siteMap"
             type="System.Web.XmlSiteMapProvider"
             securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>

<location path="Admin">

</location>

The application behaves as if the Admin role is being ignored.

What should I change?

Thank you.
Avatar of guru_sami
guru_sami
Flag of United States of America image

1: Try removing roles ="Admin" from the siteMapNode
2: Your authorization location should be like this:
<location path="Admin">
 <authorization>
        <!-- Only Admin can access Admin folder pages-->
        <allow roles="Admin"/>
        <deny users="*"/>
    </authorization>
</location>

Open in new window

Avatar of Dovberman

ASKER

<location path="Admin">
      <authorization>
        <!-- Only Admin can access Admin folder pages-->
        <allow roles="Admin"/>
        <allow users="*"/>
      </authorization>
    </location>

System.Web has an invalid child element, location

location is a child element of which parent?

Thanks,
Location stays outside of system.web
I get this error:


HTTP Error 500.19 - Internal Server Error

The requested page cannot be accessed because the related configuration data for the page is invalid.



Detailed Error Information:



Module
   IIS Web Core

Notification
   Unknown

Handler
   Not yet determined

Error Code
   0x80070032

Config Error
   The configuration section 'authorization' cannot be read because it is missing a section declaration  

Config File
   \\?\c:\users\dovberman\documents\visual studio 2012\Projects\StockProNew1\StockProNew1\web.config

======

</system.web>

  <location path="Admin">
    <authorization>
      <!-- Only Admin can access Admin folder pages-->
      <allow roles="Admin"/>
      <allow users="*"/>
    </authorization>
  </location>
ASKER CERTIFIED SOLUTION
Avatar of guru_sami
guru_sami
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Very helpful. Thanks.

I have a folder named Admin

Should my statement read <location path="Admin"> ?

<location path="AdminFolder">
<system.web>

<authorization>
<allow roles="Admin"/> //Allows users in Admin role

<deny users="*"/> // deny everyone else
</authorization>

</system.web>
</location>

====

Does this mean that the web.config folder is in the Admin folder?

Web.config in AdminFolder should look like:

<configuration>

<system.web>
<authorization>

<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else

</authorization>
</system.web>
</configuration>

=====

The real question is:
How do I get the Admin menu node to display in site.menu only if Admin logs on.
See original request:
The Admin menu does not display when the Admin user logs on.
There are two ways you can secure Admin folder:
1: You place <location> in your main root web.config
or
2: You can add a web.config to your Admin folder. Then in that web.config you add the <authentication> section directly into the <system.web> and not the location.

I think the link covers both the cases.

So which web.config are you adding the permission settings?

To troubleshoot your issue:
- After you login, navigate to some page in Admin folder by typing directly in the browser address bar.
If you get redirected back to login page then for some reason the roles aren't detected.
And if you are allowed to go to Admin page, it could be settings issue.
I have only one web.admin file. It is in the root folder.

I will work on this based on the information you have provided.

Thanks,
None of these techniques work. This may be an issue with Windows 8.  this was working perfectly for 3 years when the same code was used with Windows 7.

This is the work-around that works:

Only Admin has access to AdminMenu.aspx.

<location path="~/Admin/AdminMenu.aspx">

    <system.web>
      <authorization>
        <!-- Only Admin can access Admin folder pages-->
        <allow users="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Site.Map has a AdminMenu node which opens the AdminMenu page.
The AdminMenu page is in the Admin folder.

<siteMapNode title="AdminMenu" description="Admin Menu"
             url="~/Admin/AdminMenu.aspx" roles ="Admin"/>

AdminMenu contains a list of links that open the Admin pages.
The links are not visible until Admin logs in.
AdminMenu.aspx contains a log control in a table cell and the links to Admin pages in another table cell.

<asp:TableRow>
          <asp:TableCell ID="celLogin">
           <asp:Login ID="StockProLogin" runat="server" BackColor="#EFF3FB"
                BorderColor="#B5C7DE" BorderPadding="4" BorderStyle="Solid" BorderWidth="1px"
                Font-Names="Arial" ForeColor="#0066FF" Font-Size="8pt"

===================

<asp:TableCell ID="celMenu" >
                <ul>
                    <li><a id="mnuHiPerf" runat="server" href="~/Admin/FindPriceExceptions.aspx">High Performers</a></li>
                    <li><a id="mnuWatchList" runat="server" href="~/Admin/WatchListNew.aspx" >Manage Watch List</a></li>
                    <li><a id="mnuScoreStocks" runat="server" href="~/Contact" >Score Stocks</a></li>

======
AdminMenu Code behind

 protected void Page_Load(object sender, EventArgs e)
        {
            celMenu.Visible = false;
            if (!IsPostBack)
            {
                StockProLogin.Focus();
                mnuScoreStocks.Visible = false;
                celMenu.Visible = false;
               
            }
        }

The celMenu visible property is set to true if the Admin Login is successful.

if (e.Authenticated == true)
                {
                    strUserName = StockProLogin.UserName;
                    strUserID = currentUser.ProviderUserKey.ToString();
                    string strLoginText = "Hi " + StockProLogin.UserName + " You are logged in";
                    lblLoginMsg.Text = strLoginText;
                    celMenu.Visible = true;
                }

                else // User is not in database
                {
                    e.Authenticated = false;
                    StockProLogin.FailureText = StockProLogin.UserName + ". You were not found. Re-enter User Name and or Password.";
                }

This is clunky, but it works.

I have spent 5 days working on the documented web.config secure methods
Thank you for your persistence.
Glad you got some workaround...
From what I see above: <location path="~/Admin/AdminMenu.aspx"> will only protect single page.

So you might want to test the scenario below to be sure your other Admin pages are secure:

1: Login as non-Admin user
2: Navigate to your other AdminPage i.e. say /Admin/WatchListNew.aspx by typing it inside the browser.