Web Forms :: Menu - Role Security Not Working On Second Level Of Sitemap
Sep 24, 2010
I have role assignments on both the first and second level of my menus within my sitemap file. The first level works fine, and I only see items assigned to my role. But roles assignments seem to have no effect on the second level. It seems like if you have access to the first level, you have access to everything on the second level. Is this correct?
From my sitemap (either a SalesRep or an Administrator can see everything underneath):
<siteMapNode title="Administration" roles="SalesRep,Administrator" description="Admin" >
<siteMapNode title="CompanyMaintenance" roles="SalesRep" url="~/Admin/CompanyManagement.aspx" />
<siteMapNode title="Initialize Roles" roles="Administrator" url="~/Admin/Roles.aspx"/>
</siteMapNode>
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
[Code]....
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
I want to create a three level menu, I have got a recursive function today that works with three levels. But the thing is how do i output the third lever? Using two repeaters i have managed to get a hold of the first two levels through the ChildNodes property. But that only gives me the second level. What if a want the third level? Example code below. How do i get the third level? :)
I've made a web page from the tutorials in "How do I" to link a menu to web.sitemap.
I build the site and no errors come up, the site opens in my browser, part of the menus work but the menu that links to the sitemap is not displaying the menu contents.
I've run the code on another machine and also made the code in VWD2010 and it runs as it should.
Un-installed and re-installed VWD 2008 and still no luck.
I understand how web.sitemap works in conjunction with the site's menu in order to make menu/submenu choices visible/invisible depending on the authenticated user's roles.
For example, part of my web.sitemap has the following which defines 3 reports. Then, once users log in, those with "Managers" role can see all 3 reports while those with "Users" role can only see the 1st and the 3rd report:
How can I retrieve these results outside of the menu process? For example, in one of my web pages, I may need to create a dropdown list which should be populated with the results of the menu process.
How can I make the dropdown list show all 3 items when a manager has logged in but only 1st and 3rd items when a user has logged in?
I would like to control the menu display (show/hide menu items) in my ASP.NET 3.5 website based on the user's AD group and also control the functionality within a page using user's active directory group membership. how to do this? menu is stored in an xml file and bound to a control. all the examples I see on the web are related to forms authentication. this is an intranet website with integrated windows authentication and both authentication and authorization should be controlled using user's active directory groups.
I have a website created in ASP.Net 3.5(C#) and I have configued asp.net defalut membership provider for it.There are 5 different type of roles in this site. Now I want to display a small role based (i.e. depending upon the logged in user's role) menu whenever a user log-in to the site.For this I have added the code in the OnPageLoad() event of the master page, here is the code -
[Code]....
Now I wanted to know Is this code is logcally correct? And what is the security level of this code?
I have a menu in my application (created from the sitemap) which I want available to two user roles. However, there are items on that menu, I want available only to one role or the other. So I have created the following in my sitemap.
[Code]....
Essentially, I want employees with the "TimeUser" role to see the "My Profile" link that goes to the EmpProfile.aspx page, but not the link to the client profile page. However, when an employee logs in, they see both. I am guessing this may be because the "My Account" node which contains them allows both roles. Is there a way around this without duplicating the "My Account" node?
I have an asp.net application. This is a role based authorization. Basically, if the user's are in a specific AD group, it should allow them to look at the webpage. Otherwise it should error out saying "not authorized".
In the web.config file, I have the following lines of code. I made sure I am in the Apr-Sales-Writers AD group.
Issue: when I go to default.aspx page, it prompts for a userid and password and even though I put correct password and userid, it says "not authorized error".
Code: Access is denied. Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
In the IIS project (on IIS server), I configured it to be a "Integrated windows authentication".
i am using the below code to provide a "select role option" when creating new users accounts. i am using a listbox to select multiple roles and submit it, it works when a sinlge role is selected but not when two or more are selected. The error i'm getting is "the user "someuser" is already in role "first_rolethatwasselected"
I'm trying to create an asp menu for a website. The site will have 2 levels of user Master users (which will have more options) and Sub users which will have limited menu options.
I was wonder does anyone knows if a way to hide menu items? I've tried google but I can't really find much.
Here's the Asp code
[Code]....
I have worked out how to hide the whole menu when the user is not logged in
how to implement page level and control level security in MVC applications. Also I would like to know the definition for Page Level and Control Level Security in MVC. Please refer me if any third party tools avilable to implement security in MVC.
I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.
Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?
this is probably something stupid that i am forgetting to do but its got me stumped. I have a web.sitemap file in my app with the following entries
[Code]....
i then slapped a sitemapdatasource into my masterpage with a menu control and changed the design in the designer. I then run the app for my default page /Pages/Default.aspx. when the page comes up i see "Home" with a flare out arrow. when i mouse over home it shoots out a small box, as expected, to the right which obscures my text on the default page. the problem is the flared out box is blank and then i try move over it, essentially moving off home it dissapears. If im not mistaken, even if my links are broken or dont extist i should at least see the text right? so when i mouse over home, in the flareout menu i should see Dive, DIve Location, User, Client, Cert at least in unclickable plain text or something.
I'm doing some research on security and sitemaps in ASP.net and am unfortunately running short on time. I have not worked too much with ASP.net security so I'm not completely sure if I'm heading in the right direction.
Here is my problem:
I have a public website (i.e. on the internet) that will allow any user to sign up to. The website will be developed using ASP.net webforms. These users may create other users and assign these users different roles.
Different roles have different restrictions and the menu is displayed appropriately. For example, a user acting as an administrator can see all menu options. Whereas a limited user will only see some of these menu items.
There needs to be the ability for users on our end to modify what pages certain roles can access. For example, if Role1 can do task X, we would like to be able at some point modify Role1 to no longer do task X. This would be done using an application built in-house.
User types (roles) are to be saved in the database. User permissions (what pages each type can have access to) are also to be saved saved in the database.
Here is something I am thinking of doing:
Implement the authorization and authentication set up built in to ASP.net using the web.config fileUse Sitemaps to dynamically create menus/breadcrumbs from the database
I believe it is possible to do the second one using custom providers (please correct me if I'm wrong). But I am not entirely sure if it's possible to configure the web.config file dynamically.
I suppose this is really more of a yes/no answer but I would just like to make sure I'm not going in the wrong direction. I will be using VS2008 and .net 3.5 framework.
I am trying to make TreeView menu with three level deep. I have problems, and can't figure it out how to save TreeView position in third level, when I click it. When I click it in second level, It saves position(expanded), but when I click third level, the whole menu collapses into root level :In my example I search for selected node name, expand it with node.Expand(); .. that is for masternode, but how to expand childnodes of masternode with selectednode name? Just cant figure it out..my code:
my menu control is bound to a sitemap. I would like to be able to customize the second level of the menu (the dynamic level), so that I can insert an item image, link and text. An example is the top menu in [URL]
Is it possible to achieve using asp.net menu and sitemap ? maybe using the dynamic item template of the menu ?
Usually in sub-folder we will limit the access right to some roles and this feature requires pre-defined database schema.
However, if i still want to use this role feature of asp.net, but I do not like the pre-define database schema, I want to extract role information from my own database table and bind it to the role.