Everything
is working except that the menu is showing <siteMapNode url="~/Account/Register.aspx" title="Novo Usuário" roles="Admin" description="" /> for the role "socio".
I have already configured the sitemap provider, as you said.
This is working fine, the problem is: the menu is showing an option that it should not display , which is a normal user can not add a new user, only users in Admin role, this line should make this work, but it is not <siteMapNode url="~/Account/Register.aspx"
title="Novo Usuário" roles="Admin" description="" />.
Oh I see. From what I recall (I've not done WebForms in several years) the roles attribute in the sitemap doesn't control access -- it indicates that if a user is in that role then they should see the menu item event if they don't have access. It's not what
you normally expect. This isn't your problem, but I wanted to bring it to your attention if you didn't already know.
So let me ask... if you're not logged in as an Admin, can you browse to the register.aspx page? Reason I ask -- if it's being shown in the menu then something in the sitemap or authorization plumbing thinks a non-Admin can access it. Is there a web.config
in the ~/Account directory that is providing conflicting settings? Is this the only page that has this problem? Perhaps try a different file name or in a different folder?
mdurovni
0 Points
6 Posts
menu with roles
Apr 26, 2012 11:18 PM|LINK
Hi folks,
I am using vs 2010 express with mysql.
After some research I manage to use menu with roles, but one problem I could not solve.
My Web.sitemap looks like this:
<?xml version="1.0" encoding="utf-8" ?> <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0"> <siteMapNode roles="*"> <siteMapNode title="Usuário" description="Usuário" roles="*"> <siteMapNode url="~/Account/ChangePassword.aspx" title="Altera Senha" roles ="Admin, socio" description="" /> <siteMapNode url="~/Account/Register.aspx" title="Novo Usuário" roles="Admin" description="" /> </siteMapNode> <siteMapNode title="Votação" description="Votação" roles="*"> <siteMapNode url="About.aspx" title="Nova" roles="Admin" description="Nova" /> <siteMapNode url="~/Votacoes/Quadro.aspx" title="Consulta" roles ="Admin, socio" description="" /> </siteMapNode> </siteMapNode> </siteMap>My web.config is the following
<location path="~/Account/Register.aspx"> <system.web> <authorization> <allow roles="Admin"/> <deny users="*"/> </authorization> </system.web> </location> <location path="~/Account/ChangePassword.aspx"> <system.web> <authorization> <allow roles="Admin, socio"/> <deny users="*"/> </authorization> </system.web> </location> <location path="About.aspx"> <system.web> <authorization> <allow roles="Admin"/> <deny users="*"/> </authorization> </system.web> </location> <location path="Quadro.aspx"> <system.web> <authorization> <allow roles="Admin, socio"/> <deny users="*"/> </authorization> </system.web> </location>Everything is working except that the menu is showing <siteMapNode url="~/Account/Register.aspx" title="Novo Usuário" roles="Admin" description="" /> for the role "socio".
That shoud not be possible.
What mistake I have done?
Thanks for you help.
Moises
BrockAllen
All-Star
27544 Points
4907 Posts
MVP
Re: menu with roles
Apr 26, 2012 11:27 PM|LINK
You have to enable this in the config at the provider by setting securityTrimmingEnabled:
<configuration><!-- default config --> <system.web> <siteMap defaultProvider="XmlSiteMapProvider"> <providers> <add name="XmlSiteMapProvider" type=“System.Web.XmlSiteMapProvider, System.Web, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" siteMapFile=“web.sitemap" securityTrimmingEnabled="true" /> </providers> </siteMap> </system.web> </configuration>DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
mdurovni
0 Points
6 Posts
Re: menu with roles
Apr 27, 2012 12:15 AM|LINK
Thanks for your help.
I have already configured the sitemap provider, as you said.
This is working fine, the problem is: the menu is showing an option that it should not display , which is a normal user can not add a new user, only users in Admin role, this line should make this work, but it is not <siteMapNode url="~/Account/Register.aspx" title="Novo Usuário" roles="Admin" description="" />.
Any idea?
Moises
BrockAllen
All-Star
27544 Points
4907 Posts
MVP
Re: menu with roles
Apr 27, 2012 12:50 AM|LINK
Oh I see. From what I recall (I've not done WebForms in several years) the roles attribute in the sitemap doesn't control access -- it indicates that if a user is in that role then they should see the menu item event if they don't have access. It's not what you normally expect. This isn't your problem, but I wanted to bring it to your attention if you didn't already know.
So let me ask... if you're not logged in as an Admin, can you browse to the register.aspx page? Reason I ask -- if it's being shown in the menu then something in the sitemap or authorization plumbing thinks a non-Admin can access it. Is there a web.config in the ~/Account directory that is providing conflicting settings? Is this the only page that has this problem? Perhaps try a different file name or in a different folder?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
mdurovni
0 Points
6 Posts
Re: menu with roles
Apr 27, 2012 12:58 AM|LINK
Thanks mate!!!!
You save my day. Yes there is a web.config. in the ~/Account directory.
I changed and it worked beautifully.
Problem solved. Many thanks again.
Moisés.