Binding to SiteMap with Security Trimming on Roles

12 posts, 0 answers
  1. King Wilder
    King Wilder avatar
    240 posts
    Member since:
    Oct 2007

    Posted 26 Jun 2012 Link to this post

    Is this functionality supported in the present version?  Is Security Trimming available for site maps?

    Thanks,

    King Wilder
  2. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 27 Jun 2012 Link to this post

    Hi King,

     Kendo UI is client-side library and does not do security trimming which is a server-side feature. You can however use the MVC wrapper of the Menu which supports security trimming.

    Regards,
    Atanas Korchev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  3. Xebra
    Xebra avatar
    5 posts
    Member since:
    Sep 2012

    Posted 06 Feb 2013 Link to this post

    Any examples?
  4. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 07 Feb 2013 Link to this post

    Hi Gregg,

    Could you elaborate? What examples do you need? The MVC menu performs security trimming by default .

    Regards,
    Atanas Korchev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  5. Xebra
    Xebra avatar
    5 posts
    Member since:
    Sep 2012

    Posted 07 Feb 2013 Link to this post

    Hi Atanas,

    I must be doing something wrong as I am unable to get it to work. The menu correctly binds to the sitemap, but instead of not showing the "Dinners" menu because I do not have myself set up an an Admin it displays all of it. Here is what I have. Maybe you'll see where I went astray.

    Web.sitemap (in the root of the MVC application)

    <?xml version="1.0" encoding="utf-8" ?>
    <siteMap>
    <siteMapNode title="" description="" roles="*">
        <siteMapNode title="Home" controller="Home" action="Index">
            <siteMapNode title="Contact" controller="Home" action="Contact" />
            <siteMapNode title="Abount" controller="Home" action="About" />
        </siteMapNode>
        <siteMapNode title="Dinners" controller="Dinners" action="Index" roles="Admin">
    </siteMapNode>
    </siteMap>

    WebApiConfig.cs (Called from Global.asax)

    using Kendo.Mvc;
    public static void RegisterSiteMap()
    {
        if(!SiteMapManager.SiteMaps.ContainsKey("WebSiteMap"))
        {
            SiteMapManager.SiteMaps.Register<XmlSiteMap>("WebSiteMap", sitemap => sitemap.LoadFrom("~/Web.sitemap"));
        }
    }

    _Layout.cshtml

    <nav>
    @if(Request.IsAuthenticated)
    {
        @Html.Kendo().Menu()
        .Name("SiteNav")
        .Direction(MenuDirection.Bottom)
        .SecurityTrimming(true)
        .BindTo("WebSiteMap", (item, siteMapNode) => {})
    }
    </nav>

    Thanks for your help!
  6. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 07 Feb 2013 Link to this post

    Hi Gregg,

     The menu relies on the AuthorizeAttribute. You can try decorating your action methods with it. Probably this is what is missing.

    Regards,
    Atanas Korchev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  7. Xebra
    Xebra avatar
    5 posts
    Member since:
    Sep 2012

    Posted 07 Feb 2013 Link to this post

    Awesome, that worked! I appreciate it!!!

    I had the [Authorize] attribute on the controller, but no roles specified [Authorize(Roles="Admin")]

    Also, I did not need to configure the sitemap with roles, so that cleaned up nicely as well:

    <?xml version="1.0" encoding="utf-8" ?>
    <siteMap>
    <siteMapNode title="" description="">
        <siteMapNode title="Home" controller="Home" action="Index">
            <siteMapNode title="Contact" controller="Home" action="Contact" />
            <siteMapNode title="Abount" controller="Home" action="About" />
        </siteMapNode>
        <siteMapNode title="Dinners" controller="Dinners" action="Index">
    </siteMapNode>
    </siteMap>

  8. Indramani
    Indramani avatar
    2 posts
    Member since:
    Apr 2014

    Posted 05 Jun 2014 in reply to Xebra Link to this post

    Can I get the code how you render menu without mentioning any role property to sitemap and also in your controller
  9. Atanas Korchev
    Admin
    Atanas Korchev avatar
    8462 posts

    Posted 10 Jun 2014 Link to this post

    Hi,

    You need to decorate your action method with the authorize attribute and specify the roles there:

    [Authorize(Roles="Admin")]
    public ActionResult Admin()
    {
    }

    The menu will use it at runtime to show or hide any links to this action method.

    Regards,
    Atanas Korchev
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  10. Eva
    Eva avatar
    7 posts
    Member since:
    Mar 2017

    Posted 31 Jul Link to this post

    Hello,

    I'm trying to apply this to my sitemap menu and it works from home page.

    However, this doesn't work properly from an area controller : when I'm on an area page, the security trimming doesn't seem to work cause all menus are displayed although user is not authorized.

    Can you please help me fix this ? Does this have something to do with routing (although deduced urls are correct, using area/controller/action attributes in the xml sitemap) ?

    Here is what my RouteConfig.vb looks like :

    routes.MapRoute(
                name:="Default",
                url:="{controller}/{action}/{id}",
                defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional},
                namespaces:={"WebMVC.Controllers", "WebMVC.Areas.MyFirstArea.Controllers", "WebMVC.MySecondArea.Controllers"}
            ).DataTokens("UseNamespaceFallback") = False

     

    Also, the hideparent property is working only with the closest parent, but not with higher level parents. I think this is a bug. Can you please help me with a workaround ?

    Thanks and regards.

  11. Eva
    Eva avatar
    7 posts
    Member since:
    Mar 2017

    Posted 31 Jul in reply to Eva Link to this post

    Eva said:

    Does this have something to do with routing (although deduced urls are correct, using area/controller/action attributes in the xml sitemap) ?

    Actually, there's no difference using the following routing configuration :

    routes.MapRoute(
                name:="AreaRoute",
                url:="{area:exists}/{controller}/{action}/{id}",
                defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional}
            )
     
            routes.MapRoute(
                name:="Default",
                url:="{controller}/{action}/{id}",
                defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional}
            )
  12. Ianko
    Admin
    Ianko avatar
    1711 posts

    Posted 01 Aug Link to this post

    Hello Eva,

    As discussed in the support ticket opened on the same topic, the described behavior with the Area controllers is a bug (http://www.telerik.com/forums/menu-security-trimming-with-areas-having-same-controller-names). I also raised the priority due to this report.

    Regards,
    Ianko
    Progress Telerik
    Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
Back to Top