Menu security trimming with areas having same controller names

9 posts, 0 answers
  1. Henry
    Henry avatar
    14 posts
    Member since:
    Feb 2014

    Posted 13 Jan 2015 Link to this post

    Hi,

    I've noticed that security trimming doesn't work when there's another controller with the same name in another area. We have one extra area currently in use, named "Mobile".

    We correctly have the namespaces set up for each route, so the actions work fine otherwise between areas. For example our default route looks like this:

    routes.MapRoute(     
                    "Default",
                    "{controller}/{action}/{id}",
                    new { controller = "Home", action = "Index", id = UrlParameter.Optional },
                    new[] { "MvcApp.Controllers" } //namespace
                );

    Example menu:

    @(Html.Kendo().Menu()
        .Name("menu")
        .Items(menu => {
            menu.Add().Text("About").Action("About", "Home", new { area = "" });
        }))

    Security trimming won't work, unless our Mobile area's HomeController also has that same action (About()). If it's not there, authorize attribute won't work for the menu.
  2. Georgi Krustev
    Admin
    Georgi Krustev avatar
    3706 posts

    Posted 14 Jan 2015 Link to this post

    Hello Henry,

    The described problem is not a known issue. Could you provide more details about your current site structure - controllers/actions/areas? You can try to modify this code library in order to replicate the issue.
    Observing the erroneous behavior locally will help us to narrow the problem down much faster and follow you up with more details.

    Regards,
    Georgi Krustev
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  3. Kendo UI is VS 2017 Ready
  4. Henry
    Henry avatar
    14 posts
    Member since:
    Feb 2014

    Posted 15 Jan 2015 Link to this post

    Hi Georgi,

    I was able to reproduce this issue by making changes to the sample project in this older thread: http://www.telerik.com/forums/menu-does-not-work-with-areas

    I added empty HomeController to "MyArea", and then changed the menu to:

    @(Html.Kendo().Menu()
     .Name("menu")
     .Items(menu => {
      menu.Add().Text("About").Action("About", "Home", new { area = "" });
    }))

    Then I decorated the "root" area's About action with [Authorize(Roles = "Admin")].

    Security trimming will only work if I then add About action to "MyArea" as well.

    To support duplicate controller names, I added the namespace setting to route:

    routes.MapRoute(
                    "Default",
                    "{controller}/{action}/{id}",
                    new {controller = "Home", action = "Index", id = UrlParameter.Optional},
                    new[] {"MvcApplication4.Controllers"}
                    );

  5. Georgi Krustev
    Admin
    Georgi Krustev avatar
    3706 posts

    Posted 19 Jan 2015 Link to this post

    Hello Henry,

    Thank you for the repro steps. I was able to observe the depicted issue. We will further investigate the case and will try to address the problem for the next service pack of Kendo UI due within a month.

    Regards,
    Georgi Krustev
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  6. Henry
    Henry avatar
    14 posts
    Member since:
    Feb 2014

    Posted 13 Apr 2015 Link to this post

    Hi,

     I was browsing through the release notes in recent versions, and couldn't find this issue mentioned.

     Has this been fixed in current version?

     Thanks...

  7. Georgi Krustev
    Admin
    Georgi Krustev avatar
    3706 posts

    Posted 15 Apr 2015 Link to this post

    Hello Henry,

    I am afraid that we postponed the fix for later Kendo UI release, as there are tasks/bugs with higher priority. The fix is scheduled for Q2 2015 release, but I cannot guarantee whether it will be fixed or not. 

    Regards,
    Georgi Krustev
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  8. Henry
    Henry avatar
    14 posts
    Member since:
    Feb 2014

    Posted 27 Jul 2015 in reply to Georgi Krustev Link to this post

    Hi,

    any news on the fix? I didn't see it mentioned in Q2 release notes.

    Thanks again...

  9. Georgi Krustev
    Admin
    Georgi Krustev avatar
    3706 posts

    Posted 29 Jul 2015 Link to this post

    Hello Henry,

    I am afraid that the issue is still not scheduled for implementation. For your convenience, I will post an update here once the issue is fixed.

    Regards,
    Georgi Krustev
    Telerik
     
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
     
  10. Georgi Krustev
    Admin
    Georgi Krustev avatar
    3706 posts

    Posted 22 Nov Link to this post

    Hi,

    I moved the issue in our public issue tracker:

    https://github.com/telerik/kendo-ui-core/issues/2468

    You can follow the progress of the issue there.

    Regards,
    Georgi Krustev
    Telerik by Progress
    Kendo UI is ready for Visual Studio 2017 RC! Learn more.
Back to Top
Kendo UI is VS 2017 Ready