Zone: NEWSGROUP > Asp.Net Forum > general_asp.net.master_pages_themes_and_navigation_controls
Item Type: NewsGroup, Date Entered: 11/14/2005 2:26:40 PM
mighty_man
Asp.Net User
securityTrimmingEnabled in templated solution
11/14/2005 2:26:40 PM

I'm using a custom sitemapprovider that uses roles to support securityTrimmingEnabled.

But when messing around with my solution, I couldn't get it working the way I wanted :)
After reading Danny Chen explain it a bit more (http://forums.asp.net/1063566/ShowPost.aspx), that securityTrimmingEnabled and web.config authorization work hand in hand, I realized my problem.

If I want to use role-based authorization (securityTrimmingEnabled) in a solution that uses templates, like template.aspx?someId=15, to configure each page in web.config ain't an option. I could check it myself in my menu and then on each page with IsInRole(). Would be great to use the securityTrimmingEnabled for filtering all navigation controls and then have to check it on each page (but that ain't possible? All or nothing?). I could live with that.

Any recommendations in this case?



dannychen
Asp.Net User
Re: securityTrimmingEnabled in templated solution
11/14/2005 5:57:31 PM

The problem I see with this is that your template file, template.aspx, is inherently visible to all users. In other words you have no security on it. Therefore the security feature of the SiteMapProvider is ineffective. We strongly recommend as a best practice that you adhere to the security restriction we've applied. If you hide a node in your sitemap, the user you've hidden it from should not have access to that page. The risk is that a mischievous user or a hacker could easily (in this example) query your site for pages you didn't intend them to see.

However, if you must work around this requirement, the most central place to make this change is to create your own SiteMapProvider.  Inherit from XmlSiteMapProvider and override this function:  IsAccessibleToUser().  Returning true or false from that function determines how the node is hidden or not hidden. 
--
Danny
disclaimer: Information provided is 'as is' and conveys no warranties or guarantees.
mighty_man
Asp.Net User
Re: securityTrimmingEnabled in templated solution
11/15/2005 8:46:59 AM

I totally agree with you. It would be better if I could use the built-in security all the way. But how is this done when using a template file that might present information to different roles or users?

One other problem is, if I let other users set the roles for navigation through an admin, then there would be editing of web.config needed each time; that wouldn't work out.

But expanding my custom sitemapprovider with the IsAccessibleToUser and then also making a templatebase class that checks if the current user is in one of the roles of that page doesn't sound right with built-in features available.

But if I made a secure template, one that didn't allow anon users, then securityTrimmingEnabled would work, but I still need to make the templatebaseclass to check the correct roles when the user hits the page, right?

peace.
dannychen
Asp.Net User
Re: securityTrimmingEnabled in templated solution
11/16/2005 5:25:35 PM

The problem here is that you've got a single point of access to your site.  The built in security mechanisms operate based on the end file being accessed and not the unique urls.  Therefore I think you would have to implement your own security safeguards into the template.  Regardless of anonymous or authenticated access restrictions, from the Security point of view, every role/user will have access to the template.aspx and so you won't see any sitemap filtering unless you write your own provider to eliminate the url auth checking. 
--
Danny


disclaimer: Information provided is 'as is' and conveys no warranties or guarantees.
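
The two pieces discussed in this thread, as an added example (not code from either poster): a provider derived from XmlSiteMapProvider whose IsAccessibleToUser() decides from node roles alone, and a base class for template.aspx that repeats the same role test on every request. The names RoleOnlySiteMapProvider, UserHasNodeRole and SecuredTemplatePage are hypothetical, and the sketch assumes the sitemap holds one node with a roles list for each template.aspx?someId=N URL.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

// Hypothetical provider: trims navigation by node roles only, skipping the
// URL/file authorization that cannot tell ?someId=15 from ?someId=16.
public class RoleOnlySiteMapProvider : XmlSiteMapProvider
{
    // Role test shared by the menu filter and the page check.
    // A missing node or a node without roles is denied (fail closed).
    public static bool UserHasNodeRole(IPrincipal user, SiteMapNode node)
    {
        if (node == null || node.Roles == null) return false;
        foreach (string role in node.Roles)
        {
            if (role == "*") return true;                        // open to everyone
            if (user != null && user.IsInRole(role)) return true;
        }
        return false;
    }

    public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
    {
        if (context == null) throw new ArgumentNullException("context");
        if (node == null) throw new ArgumentNullException("node");
        if (!SecurityTrimmingEnabled) return true;               // trimming off: show all nodes
        return UserHasNodeRole(context.User, node);
    }
}

// Hypothetical base class for template.aspx. Hiding a menu entry is not access
// control, so the role test runs again when the page itself is requested.
public class SecuredTemplatePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // CurrentNode is null when no node matches the request, or when
        // trimming is on and the provider has denied the node to this user.
        SiteMapNode node = SiteMap.CurrentNode;
        if (!RoleOnlySiteMapProvider.UserHasNodeRole(User, node))
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }
        base.OnInit(e);
    }
}
```

Register the provider in web.config with securityTrimmingEnabled="true", give every node (the root included) a roles attribute, and have template.aspx inherit from SecuredTemplatePage.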
All Times Are GMT