Security :: SiteMap - Different Security Trimming For The Same Page?
Mar 3, 2011
I have a site map with a node and two inner nodes. The inner nodes have the same url but a different querystring parameter. I want the users with role "User" to see only the second of these links in their menu.
This is my siteMap:
[Code]....
This is the configuration of the web.config:
[Code]....
As a result, the users with role "User" can see only the second link (Search) which is fine, but they get an Access Denied when they navigate to it which is logic since they don't have access to that page, but it's not really fine for me.
View 2 Replies
Similar Messages:
Feb 2, 2010
I understand that we can easily secure the menu pages by enabling SecurityTrimming and putting role information in web.sitemap.
But my problem is that we have to use a 3rd party authentication piece. The ASP.NET application gets the UserId and roles from the authentication module.
I need to show/hide ASP.NET pages based on the incoming user's roles.
Is it possible somehow to use web.sitemap with these roles?
Or should I come up with my own way to map a web page to role/s?
View 1 Replies
Feb 28, 2011
We're writing an app that has a requirement for allowing/disallowing access based on user role.In a traditional .net app of course you set the security trimming attribute in the web.config and set the nodes in the web.sitemap file and you were set.
View 2 Replies
May 31, 2010
In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder).
If I put a sitemapNode in Web.sitemap...
<siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" >
... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended.
Now I have defined a URL route in Global.asax to map the physical file to a new URL:
System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute",
"Administration/Home", "~/Admin/Default.aspx");
But when I use this route-URL in the SiteMap file...
<siteMapNode url="Administration/Home" title="Administration" description="" >
... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.)
Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around?
View 1 Replies
Nov 16, 2010
I understand how web.sitemap works in conjunction with the site's menu in order to make menu/submenu choices visible/invisible depending on the authenticated user's roles.
For example, part of my web.sitemap has the following which defines 3 reports. Then, once users log in, those with "Managers" role can see all 3 reports while those with "Users" role can only see the 1st and the 3rd report:
<siteMapNode url="~/Reports/Reports.aspx" title="Reports" description="Reports" roles="Managers,Users">
<siteMapNode url="~/Reports/LettersReport.aspx" title="Letters Report" description="Letters Report" roles="Managers,Users" />
<siteMapNode url="~/Reports/UserSummaryReport.aspx" title="User Summary Report" description="User Summary Report" roles="Managers" />
<siteMapNode url="~/Reports/LetterSummaryReport.aspx" title="Letter Summary Report" description="Letter Summary Report" roles="Managers,Users" />
</siteMapNode>
How can I retrieve these results outside of the menu process? For example, in one of my web pages, I may need to create a dropdown list which should be populated with the results of the menu process.
How can I make the dropdown list show all 3 items when a manager has logged in but only 1st and 3rd items when a user has logged in?
View 1 Replies
Sep 24, 2010
I have role assignments on both the first and second level of my menus within my sitemap file. The first level works fine, and I only see items assigned to my role. But roles assignments seem to have no effect on the second level. It seems like if you have access to the first level, you have access to everything on the second level. Is this correct?
From my sitemap (either a SalesRep or an Administrator can see everything underneath):
<siteMapNode title="Administration" roles="SalesRep,Administrator" description="Admin" >
<siteMapNode title="CompanyMaintenance" roles="SalesRep" url="~/Admin/CompanyManagement.aspx" />
<siteMapNode title="Initialize Roles" roles="Administrator" url="~/Admin/Roles.aspx"/>
</siteMapNode>
View 3 Replies
Aug 27, 2010
iam using masterpage and sitemap in my project, what i want to is that if user login is did, based on the user previlage in need to show the sitemap menu page if user i have the previlage to see the page then i should enable that page otherwise i need disable that page
View 1 Replies
Apr 20, 2010
<siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/>....
any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes.
little addition : <siteMapNode roles="*"> appears to all nodes If I don't do roles="*" on main node, all users can't see Main node ... And I SiteMapDataSource works only if there 1 node
View 2 Replies
Jan 21, 2010
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
[Code]....
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
View 5 Replies
Oct 27, 2010
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
View 2 Replies
Jun 23, 2010
i used security in login page which restricts all users who have not logged in to all pages. I need to restrict specific users to specific pages. I'm not using AspSqlService provider. So i cannot create roles and restrict automatically. And the pictures i use in login page are not visible @ runtime.
View 1 Replies
Mar 26, 2010
which i added one sitemap in whcih i added all the pages n i want to retrive that sitemap in masterpage based on login in whcih suppose admin hs login then display only admin pages with sitemap n if normal user hs login then it ll display only normal user pages with sitemap. here i didn't use login control but i create login page manually.
View 1 Replies
Mar 9, 2010
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
Apr 6, 2010
We use Sharepoint to control our websites. We build the sites, then load them into the sharepoint server. My question is if I use windows authentication, how can I get my role security in my web config file to coencide with the asp.net controls that use the Forms authentication. Is there a differenence? Our security uses a session variable for security but there is no where to set up their permissions except in active directory. I hope this makes sense because I would like to implement the LoginView with Role groups but how can I give them the role="administrator"? Do I have to go into active directory and give them these permissions(would take awhile due to the size of the company)? Or do I have to set up priveladges in the web.config file for each user(difficult I think)?
View 5 Replies
Aug 18, 2010
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
View 1 Replies
Jul 12, 2010
I am getting an error incase user submits incorect security question's answer. I gave text in 'QuestionFailureText'. But its not working.
Below is the error getting.
'
Security Exception Description:The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
[Code]....
Source File: c:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Filespng.webe16ed3ec284df543App_Web_rvfjstqa.5.cs Line: 0 Stack Trace:
[Code]....
View 3 Replies
Mar 17, 2011
We are using membership provider for LDAP authentication. It is working as it should.
But what all configuration settings I have to do so that
all the future requests to this application run under the security context of the Logged in user account not through the some default user set in IIS.
We need to have this working because all the permissions on the database are based on the logged in user.
We are using form authentication for LDAP authentication. And having impersonation = true in web.config.
View 1 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Jun 3, 2010
I am using Itext sharp to create a pdf. I am adding an image and I keep getting this error
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, ersion=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
it is this bit of code that is causing this
[Code]....
If i comment this out, the PDF builds and no errors are thrown (there is just no image)
I don't understand cause I am am trying to do is read a file.
View 2 Replies
Apr 2, 2013
Error:Â
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.Local its run fine. when i place in iis. it throw this exception.
View 1 Replies
Jul 22, 2010
I have created user web control library project and these controls i'm using in my web application. These User controls just works fine in my local machine but when i moved this project(including Library) to our Local server , it is throwing security exception
Error 1 Cannot register assembly "LocalServerLibraryDemoLibraryDemoLibrary�inDebugLibrary.dll". Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Library
Anybody knows why this error occuring...?
View 2 Replies
Aug 9, 2010
My website security is configured with "Windows Integrated Security" only (anonymous is disabled).
I also want to set a specific account to run the w3wp.exe process using the
Application Pool Identity to a domain account.
Running directly from the server works without any problem but from remote computers I always get the authenticaion window then the 401.1 error (after 3 attempts).
It seems that its the combination of "Windows Integrated Security" along with the "Application Pool Identity" that causes the problem. When I disable one of the two it works properly.
My server is Windows Server 2003 R2, running IIS 6.0.
View 1 Replies
