Security :: SiteMap Control Based On User Roles Works Wrong?
Apr 20, 2010
<siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/>....
any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes.
little addition : <siteMapNode roles="*"> appears to all nodes If I don't do roles="*" on main node, all users can't see Main node ... And I SiteMapDataSource works only if there 1 node
View 2 Replies
Similar Messages:
Sep 22, 2010
I have sitemap which looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/default.aspx" title="Prva stran" roles="*" description="Shema ISEF">
<siteMapNode roles="2" title="Analize" id="Analize" description="" >
<siteMapNode url="~/karneki1.aspx" title="Karneki1" description="" />
<siteMapNode url="~/karneki2.aspx" title="Karneki2" description="" />
</siteMapNode>
</siteMapNode>
</siteMap>
if I set roles in a siteMapNode with title "Analiza" it works fine, the link is not shown in the navigation... but if I set roles on any of "karneki" siteMapNode the links are still visible...
Is it even posible to restrict access to lower links based on user role?
View 1 Replies
Nov 19, 2010
I'm using the built-in membership controls and classes to manage authorization and authentication in my app. Here's what I want to do: If the user is in "Manager" role, I want to send him/her to the manager page no matter where he/she came from. If the user is in "Supervisor" role, I want to send him/her to supervisor page no matter where he/she came from. However, if the user is not in any role, just a registered member, I want to send him/her back to where he/she came from as stated in ReturnUrl. If no, ReturnUrl is specified, I will send him/her to the home page.
On my login page, I'm using the Login server control but in my code behind, there's no method wired to the control because the control takes care of everything. I assume I need to add a method and wire it to the submit button, is that right? If so, I'll have to really handle the login event which means I'll need more info about how to do that.
View 6 Replies
Sep 12, 2010
I am using Formsauthentication. My situation is as per below:
the login form has codebehind :
protected void LoginButton_Click(object sender, EventArgs e)
{
TextBox uname = Login1.FindControl("UserName") as TextBox;
TextBox pass = Login1.FindControl("Password") as TextBox;
CheckBox rm = Login1.FindControl("RememberMe") as CheckBox;
Literal fail = Login1.FindControl("Literal1") as Literal;
if (Membership.ValidateUser(uname.Text, pass.Text))
[Code].....
Now the problem is that when I try to login with proper credentials it first redirects to default.aspx( there is no such page in my project), after login again with same credentials it properly redirects to the correct page. Why such problem arises? to fix this?
View 6 Replies
Mar 26, 2010
which i added one sitemap in whcih i added all the pages n i want to retrive that sitemap in masterpage based on login in whcih suppose admin hs login then display only admin pages with sitemap n if normal user hs login then it ll display only normal user pages with sitemap. here i didn't use login control but i create login page manually.
View 1 Replies
Aug 27, 2010
iam using masterpage and sitemap in my project, what i want to is that if user login is did, based on the user previlage in need to show the sitemap menu page if user i have the previlage to see the page then i should enable that page otherwise i need disable that page
View 1 Replies
Mar 22, 2010
I have a (simple) sitemap and am trying to figure out why a certain sub-menu is always visible.
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="~/Login.aspx" title="Home" description="RivWorks" roles="*">
[code]...
I have a main menu option of "Dashboard". Under this menu item I have 2 options: 1) Campaign Manager & 2) Negotiation Manager. Now, what is interesting is when I am in either the campaigns role OR the auto-negotiation role I see the Dashboard and BOTH sub-menu items. This is not the behavior I expected. I expect to only see both sub-menus when I am in the campaigns role AND auto-negotiation role. The OR scenario should give me the Dashboard menu item and one OR the other sub-item...Am I doing something wrong here or thinking a wrong way?
View 1 Replies
Mar 1, 2011
I wanted to know how to add the feature- that user should be redirected to an error page where the error will be display, upon entery wrong username/password when trying to login through an asp.net login control?
1. how to redirect the user to an error page upon entering wrong username/password (from a login control which is placed on master page)?
2. how to pass the error to the error page so it can be displayed there?
View 28 Replies
Feb 17, 2010
I wanted to maintain the great features of ASP security control but i couldn't find a way to fit my purposes. I wanted to add in multiple user in one shot instead of one by one, So far using CreateUserWizard control only allow admin to add user once at a time. Is there a way to add in multiple user with a uploaded name list ?
View 3 Replies
Apr 24, 2010
[ASP.NET 3.5, FormsAuthentication, SQL Server]
In the Roles table there is Role, and RoleType.
I have 3different roles, 2 of which have sub-roles.
Example
Role----------------------Type
Adminstrator
Subscriber---Basic
Subscriber---Business
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
View 1 Replies
Apr 26, 2010
I created a custom forms authentication and membership provider and it seems to work fine opening up in WAT, creating roles and adding users. Also when I in my mvc app use it to log users in, it works fine. However it seems to fail to determine a user's role (no errors, but just jump over User.IsInRole(...) lines and Roles.GetRolesForUser(); comes up empty. I got a gut feeling I did something wrong with my configuration, so for now I'll post just that:
[Code]....
View 6 Replies
Oct 5, 2010
I'm trying to redirect users upon login based on their roles which were defined in the Administer website feature of asp.net.Heres what I'm trying protected void Login1_LoggedIn(object sender, EventArgs e)
View 2 Replies
Apr 21, 2010
I have a website where users can login and they have different roles/privileges. I want to have it where the user's view of the webpage is determined by their role. Right now I am storing the role in the UserData property of the FormsAuthenticationTicket class (which is retrieved from a database during login). When the main page is loading, I want it to check the user's role and then only show the controls/portions of the page that are for that role. For example, if the user is not an administrator, they shouldn't be able to click on a button to delete a record. At the moment I am using labels to hide or show areas depending on the user's role. Something like this:
[Code]....
[Code]....
And here is a portion of the markup code with the Labels:
[Code]....
This works, but doesn't seem to be a very good way to handle this type of thing. Is there a cleaner, more elegant way of doing this? Something similar to the LoginView control, but which I can use for roles?
View 4 Replies
Jul 4, 2010
I have implemented membership and enable role based on. I have 2 roles "admin" and "super_admin" and once the user login, I want to redirect them to different folder based on their role. My guess is, the redirection need to be determined once the user clicked login on the login control and here is my code.
[Code]....
However, whenever the user login (regardless of admin or super_admin) the page keeps redirection to Anyone/Default.aspx.
View 5 Replies
Jul 8, 2010
In a standard, generated list view, how can I hide certain ActionLinks based on the roles the logged in user belongs to?
View 1 Replies
Feb 23, 2011
I am using ASP.NET MVC 3. We assign roles to certain people at work, then we use Windows authentication to determine what roles a user has. Lets say the roles are RoleA, RoleB and RoleC. So now I get a list of roles for a user. Lets says that UserA belongs to RoleA and RoleB. Some of my views need to be authenticated as not everyone can view certain views. Lets say that ViewA can only be viewed by users that belong to roles RoleA and RoleB. How would I do this? What would I need to look into? When a user that does not belong to these roles tries to access the views then he/she should be redirected to an error page.
View 1 Replies
Jan 21, 2010
My web app has 3roles, I need to lock down certain sitemap menu items based on the users role and what I'm using isn't working.
my roles are Supervisor, manager, and User.
[Code]....
I only want those roles to see those menu options, I do not want someone with a user role to see those options at all. Currently if I log into my site with a user role, I'm seeing everything on the menu (via the sitemap).
View 5 Replies
Aug 17, 2010
I have been using the following tutorial and had to convert the code to C# for my project, now i cant get the code to work, im getting red line under the word "in" in the UpdateRolesFromList,
i tried to add a datasource on page load for the checkboxlist like so RoleList.DataSource = PopulateRoleList(User.Identity.Name.ToString());and gives me error saying cannot implictly convert type 'void' to 'object'
[URL]What am i missing, that when i load the page or even do a search it never displays the checkbox list as it shows in the tutorial?
[Code]....
View 7 Replies
Oct 26, 2010
Is there a tutorial on how to redirect user to a specific web page based on his/her role? For example, I have teacher role and student role. When the teachers login, it will redirect the teacher to the teacher web page and the students redirected to the student web page.
View 1 Replies
Jul 22, 2010
I need to implement field level security based on the roles. I have a page Employee.aspx . In that i have ten controls. If i am enter as admin role i need to show all the controls. If i am enter as user have to show only five controls. How to design the appplication for control level security?
View 5 Replies
May 19, 2010
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
Environment Details:-
.Net Framework: 3.5
Server: Windows 2008
Webserver: IIS7
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defnied.
Problem:-
After setuped my website in iis7 while trying to Login in web page even I entered correct password it says Incorrect password in Login control.After long googling I suspecty that we need to add "Provider to trusted provider" to Authorized provider. I have gone http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but didn't works for me.
Can you anyone please help me in this.
View 8 Replies
Jun 26, 2010
i am working in asp.net and csharp, we have 10 user, but certain user only need to put dataentry. how to enable and disable based on the user to access certain form ,like add, modify view options.
View 1 Replies
Mar 4, 2010
i use the CreateUserWizard in order to create users. Asp.net generates automatically a password which is sent to the user by email.
The emailaddress must be like this: firstname.name@ourdomain.be . If 'firstname.name' doesn't exist in our Exchange server ('ourdomain.be'), then:
1) the user is still created
2) the message page with: 'Mailbox unavailable. The server response was: 5.1.1 User unknown' appears
E.g: if user John Wayne introduces by error Jhn.Wayne@ourdomain.be , then this user must not be created, and only a simple Alert-message must appear.
I tried a lot of Try / Catch / Endtry but all my attempts fail: the user is always created and the whole message page appears. I also tried with CreateUserWizard1_SendMailError sub.1
Here the aspx file:
[Code]....
View 3 Replies
Aug 12, 2013
I have written code for menu with web.sitemap and SiteMapDataSource1.I want to hide the admin panel if user has no admin rights.
How there is relation between sitemapdatasource,web.sitemap and menu.
<asp:SiteMapDataSource ID="SiteMapDataSource1" runat="server" ShowStartingNode="false" />
<asp:Menu ID="Menu" runat="server" DataSourceID="SiteMapDataSource1" Orientation="Horizontal"
OnMenuItemDataBound="OnMenuItemDataBound" onmenuitemclick="Menu_MenuItemClick" Width="100%">
<LevelMenuItemStyles>
<asp:MenuItemStyle CssClass="main_menu" />
[Code] .....
View 1 Replies
May 20, 2010
How to lock the user with the 3 times entering the wrong password?
View 10 Replies