MVC Menu not rendering items with areas

4 posts, 0 answers
  1. Bill
    Bill avatar
    3 posts
    Member since:
    Dec 2013

    Posted 10 May Link to this post

    I'm currently working on a .NET MVC app with one area, Inside, and then a single controller on the root area, Home.  What I'm noticing is something somewhat similar to what is discussed in this post; I have a Home controller in both my root and Inside areas, and when the menu attempts to render the links to the root actions while at an Inside url, such as /Inside/Account/Login, the links to any Home actions which are present in both the Inside and root areas are not rendered.  I noticed that if I take away the [Authorize] attribute on my Inside Home controller, the actions do render properly i.e. /Home/Index is rendered.  However, I want to make sure that my inside controllers are decorated with the Authorize attribute.

     

    For example, with the following code snippet

    // Root Home Controller
    public class HomeController : Controller {
        // Doesn't render
        public ActionResult Index() { return View(); }
        // Doesn't render
        public ActionResult Contact() { return View(); }
        // Renders
        public ActionResult About() { return View(); }
    }
     
    // Inside Home controller
    [Authorize]
    public class Home : Controller {
        public ActionResult Index() { return View(); }
        public ActionResult About() { return View(); }
    }
     
    // /Inside/Account/Login View snippet
    @(Html.Kendo().Menu().Name("MainMenu").Items(children =>
    {
        items.Add().Text("Root Home").Action("Index", "Home", new { area = "" });
        items.Add().Text("Root Contact").Action("Contact", "Home", new { area = "" });
        items.Add().Text("Root About").Action("About", "Home", new { area = "" });
        items.Add().Text("Login").Action("Account", "Login", new { area = "Inside" });
    }))

    if I go to /Home/Index or /Home/Contact I get a menu the menu you would expect (as seen in Correct.png), whereas if I go to /Inside/Account/Login, I get a menu with only the About and Login buttons (as seen in Incorrect.png).  My guess is that the Telerik Menu rendering function is attempting to security trim [Authorize] decorated action links with identical names disregarding the area in which the action was specified.

    I'm wondering if there is a better way around this bug than to decorate my Inside.Home.Index/Contact actions with [AllowAnonymous] and using a redirect to the root area if a user is not authenticated.

     

     

  2. T. Tsonev
    Admin
    T. Tsonev avatar
    2770 posts

    Posted 12 May Link to this post

    Hi,

    We'll try to replicate this issue in a local project in order to troubleshoot it.

    For the moment I can only suggest disabling the security trimming, if it doesn't affect the rest of your application:
    @(Html.Kendo().Menu().Name("MainMenu").Items(children =>
    {
        items.Add().Text("Root Home").Action("Index", "Home", new { area = "" });
        items.Add().Text("Root Contact").Action("Contact", "Home", new { area = "" });
        items.Add().Text("Root About").Action("About", "Home", new { area = "" });
        items.Add().Text("Login").Action("Account", "Login", new { area = "Inside" });
    })
    .SecurityTrimming(false)
    )

    Apologies for the caused inconvenience.

    Regards,
    T. Tsonev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. UI for ASP.NET MVC is VS 2017 Ready
  4. Bill
    Bill avatar
    3 posts
    Member since:
    Dec 2013

    Posted 12 May in reply to T. Tsonev Link to this post

    Thanks for the reply.

     

    I was able to find a way around the problem by adding the [AllowAnonymous] attribute to my Inside Home controller actions that are on the outside, and then added a function to force a redirect to the corresponding outside Home action if a user is not logged in.

     

    In regards to creating a project to expose the error, all you should need is:

    • 1 Area with a 1 controller decorated with an Authorize attribute, and one of the actions with an AllowAnonymous
    • 1 controller in the root area with the same name as the authorized area controller
    • Rendering the menu with actions that are on the area and root controllers

    Thanks for looking into it, hopefully this will be fixed in a future release :)

  5. T. Tsonev
    Admin
    T. Tsonev avatar
    2770 posts

    Posted 12 May Link to this post

    Hello,

    I tried reproducing the issue in the attached project, but without much luck.

    Can you please have a look to see if I'm missing something?

    Regards,
    T. Tsonev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top
UI for ASP.NET MVC is VS 2017 Ready