An overview of how securityTrimmingEnabled is supposed to work.

re: An overview of how securityTrimmingEnabled is supposed to work.

Jonathan Minond — Tue, 28 Mar 2006 22:33:55 GMT

What exactly is it that calls Isaccessible to user? When is that called?
On the menuItemDataBind? or on the SitMap Initialize? Or where?

re: An overview of how securityTrimmingEnabled is supposed to work.

dannychen — Tue, 28 Mar 2006 22:41:02 GMT

IsAccessibleToUser is called for a variety of APIs in the SiteMapProviders. From the root SiteMapProvider it is only called for RootNode and CurrentNode since GetChildNodes and FindSiteMapNode are abstract methods. From StaticSiteMapProvider, these methods as well as ParentNode all call into IsAccessibleToUser. In essense, any time you give it a node and ask it for other nodes, this should be called to trim the set of nodes that is being returned.
--
Danny

re: An overview of how securityTrimmingEnabled is supposed to work.

Serioga — Wed, 29 Mar 2006 00:22:00 GMT

Does SecurityTrimming works when Windows authentication is used? I've tried use this feature with Menu component and Windows authentication, as a result, menu becomes just invisible. Is it a bug, o I'm doing something wrong?

re: An overview of how securityTrimmingEnabled is supposed to work.

dannychen — Wed, 29 Mar 2006 18:15:39 GMT

SecurityTrimming does work with Windows Authentication. However, in this case, the filtering is based on File ACLs. I have more info in this blog post:

http://weblogs.asp.net/dannychen/archive/2005/04/19/403365.aspx

--
Danny

re: An overview of how securityTrimmingEnabled is supposed to work.

Serioga — Wed, 29 Mar 2006 21:48:47 GMT

Yeah, I read this post yesterday, but the problem is that permissions work just fun, but my horizontal menu just disappeared. So, I mean user can access page, but horizontal menu from master page is not visible...

re: An overview of how securityTrimmingEnabled is supposed to work.

dannychen — Thu, 30 Mar 2006 00:07:26 GMT

My initial suspicion then is that you have a dummy top level node with no url, in which case you will need to add roles="*" to it. If this isn't enough to solve your issue, please email me through my blog and I can help you more with your issue over email.
--
Danny

re: An overview of how securityTrimmingEnabled is supposed to work.

Serioga — Thu, 30 Mar 2006 10:21:21 GMT

Danny, yes!!! You was right. The whole issue was with empty top level element. After I added roles="*" everything started to wor as it suppose to.
I wonder, why this thing is not documented, or my empty top level element is so unussual?

Tanks, one more time.

re: An overview of how securityTrimmingEnabled is supposed to work.

Marty — Fri, 21 Apr 2006 22:04:58 GMT

I am having a similar problem. I tried putting a roles="*" into my dummy top node but I still get an empty treenode. Do you have any further advice?

re: An overview of how securityTrimmingEnabled is supposed to work.

dannychen — Fri, 21 Apr 2006 22:09:28 GMT

Marty,
Perhaps this blog post might help you. Just a shot in the dark. Otherwise, I'll need to see more info to help you.

http://weblogs.asp.net/dannychen/archive/2005/04/04/397072.aspx

You can also post this issue on the ASP.NET forums (http://forums.asp.net) in the "MasterPages Themes & Navigation Controls" forum and get a lot of help.

--
Danny

re: An overview of how securityTrimmingEnabled is supposed to work.

Palle — Tue, 25 Apr 2006 14:19:51 GMT

Marty: I was having similar problem as Marty, I found that a siteMapNode in the very beginning of the site map was totally empty -
stuck in roles="*" - bingo.
I was also not seeing the menu - and had all the other siteMapNodes containing roles="*".

re: An overview of how securityTrimmingEnabled is supposed to work.

wazzzuup — Thu, 25 May 2006 23:46:39 GMT

I have problem corresponding discussing topic.
Can anyone say something about this bug:

I have two groups of roles: administrators and users and have root folder and admin folder of my site. I have two rules: allow acces to admin folder to administrators and deny acces to it for all other users.

So, I'm logging in as administrator at first and then, if I don't log out using LoginView Control and just go to page with login control and log in as non-administrator user, I can type path to page in restricted folder Admin and I CAN load it! Remember - the required condition for this is not to log out from administrator role and directly log as user. I think this is possible situation - just forget to log out and user who even relogin as itself could get access to restrict site area...

So, How can we close this hole?

What's wrong with ASP.NET provider model? - The XmlSiteMapProvider

Paulo Morgado — Sun, 08 Apr 2007 00:43:08 GMT

Besides the problem with spaces in query strings (the same thing happens for the entire URL), you cannot

O que há de errado com o modelo de Providers do ASP.NET? - XmlSiteMapProvider

Paulo Morgado — Sun, 08 Apr 2007 01:28:38 GMT

Além do problema com espaços em query strings (o mesmo acontece para todo o URL), não se pode derivar

Site Navigation, siteMap and SiteMapProvider overview

Ahmed Hussein — Fri, 09 Nov 2007 01:07:15 GMT

Site Navigation, siteMap and SiteMapProvider overview

Restricci??n de Accesos en ASP.NET 2.0 « Ilopez’s Weblog

Restricci??n de Accesos en ASP.NET 2.0 « Ilopez’s Weblog — Mon, 14 Jan 2008 21:28:43 GMT

PingBack from http://ilopez.wordpress.com/2008/01/14/restriccion-de-accesos-en-aspnet-20/

Employment Wages » -[ Danny Chen ]- : An overview of how securityTrimmingEnabled is …

Fri, 28 Mar 2008 15:50:22 GMT

PingBack from http://employmentwagesblog.info/danny-chen-an-overview-of-how-securitytrimmingenabled-is/

re: An overview of how securityTrimmingEnabled is supposed to work.

vkelman — Fri, 30 May 2008 02:40:10 GMT

Hi Danny! I'm using a custom SQL-based Site Map provider.

You said above, "A page that should not be accessed and cannot be accessed is secure." I think I can control both security trimming (a visibility of page on menu) and accessibility by using IsAccessibleToUser(). I can either

1) Attach custom SiteMapResolve event handler method and inside check if SiteMap.CurrentNode.IsAccessibleToUser() == true. If it is false - redirect to an appropriate page (default.aspx, for example).

2) Check and do the same thing in master page's OnInit() method.

3) Attach some custom page event handler using HttpModule or global.asax and perform that SiteMap.CurrentNode.IsAccessibleToUser() check and redirect there.

Could you comment on it please? Is it a good approach?

Recursos interesantes « Tincho Repository

Recursos interesantes « Tincho Repository — Tue, 08 Jul 2008 17:51:17 GMT

PingBack from http://martinmelchior.wordpress.com/2008/07/08/recursos-interesantes/