Rank 2
Thanks,
King Wilder
11 Answers, 1 is accepted
Kendo UI is client-side library and does not do security trimming which is a server-side feature. You can however use the MVC wrapper of the Menu which supports security trimming.
Regards,Atanas Korchev
the Telerik team
Rank 1
Could you elaborate? What examples do you need? The MVC menu performs security trimming by default .
Regards,Atanas Korchev
the Telerik team
Rank 1
I must be doing something wrong as I am unable to get it to work. The menu correctly binds to the sitemap, but instead of not showing the "Dinners" menu because I do not have myself set up an an Admin it displays all of it. Here is what I have. Maybe you'll see where I went astray.
Web.sitemap (in the root of the MVC application)
<?xml version="1.0" encoding="utf-8" ?>
<siteMap>
<siteMapNode title="" description="" roles="*">
<siteMapNode title="Home" controller="Home" action="Index">
<siteMapNode title="Contact" controller="Home" action="Contact" />
<siteMapNode title="Abount" controller="Home" action="About" />
</siteMapNode>
<siteMapNode title="Dinners" controller="Dinners" action="Index" roles="Admin">
</siteMapNode>
</siteMap>
WebApiConfig.cs (Called from Global.asax)
using Kendo.Mvc;
public static void RegisterSiteMap()
{
if(!SiteMapManager.SiteMaps.ContainsKey("WebSiteMap"))
{
SiteMapManager.SiteMaps.Register<XmlSiteMap>("WebSiteMap", sitemap => sitemap.LoadFrom("~/Web.sitemap"));
}
}
_Layout.cshtml
<nav>
@if(Request.IsAuthenticated)
{
@Html.Kendo().Menu()
.Name("SiteNav")
.Direction(MenuDirection.Bottom)
.SecurityTrimming(true)
.BindTo("WebSiteMap", (item, siteMapNode) => {})
}
</nav>
Thanks for your help!
The menu relies on the AuthorizeAttribute. You can try decorating your action methods with it. Probably this is what is missing.
Regards,Atanas Korchev
the Telerik team
Rank 1
I had the [Authorize] attribute on the controller, but no roles specified [Authorize(Roles="Admin")]
Also, I did not need to configure the sitemap with roles, so that cleaned up nicely as well:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap>
<siteMapNode title="" description="">
<siteMapNode title="Home" controller="Home" action="Index">
<siteMapNode title="Contact" controller="Home" action="Contact" />
<siteMapNode title="Abount" controller="Home" action="About" />
</siteMapNode>
<siteMapNode title="Dinners" controller="Dinners" action="Index">
</siteMapNode>
</siteMap>
Rank 1
You need to decorate your action method with the authorize attribute and specify the roles there:
[Authorize(Roles="Admin")]
public ActionResult Admin()
{
}
The menu will use it at runtime to show or hide any links to this action method.
Regards,
Atanas Korchev
Telerik
Rank 1
Hello,
I'm trying to apply this to my sitemap menu and it works from home page.
However, this doesn't work properly from an area controller : when I'm on an area page, the security trimming doesn't seem to work cause all menus are displayed although user is not authorized.
Can you please help me fix this ? Does this have something to do with routing (although deduced urls are correct, using area/controller/action attributes in the xml sitemap) ?
Here is what my RouteConfig.vb looks like :
routes.MapRoute( name:="Default", url:="{controller}/{action}/{id}", defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional}, namespaces:={"WebMVC.Controllers", "WebMVC.Areas.MyFirstArea.Controllers", "WebMVC.MySecondArea.Controllers"} ).DataTokens("UseNamespaceFallback") = False
Also, the hideparent property is working only with the closest parent, but not with higher level parents. I think this is a bug. Can you please help me with a workaround ?
Thanks and regards.
Rank 1
Does this have something to do with routing (although deduced urls are correct, using area/controller/action attributes in the xml sitemap) ?
[/quote]
Actually, there's no difference using the following routing configuration :
routes.MapRoute( name:="AreaRoute", url:="{area:exists}/{controller}/{action}/{id}", defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional} ) routes.MapRoute( name:="Default", url:="{controller}/{action}/{id}", defaults:=New With {.controller = "Home", .action = "Index", .id = UrlParameter.Optional} )
As discussed in the support ticket opened on the same topic, the described behavior with the Area controllers is a bug (http://www.telerik.com/forums/menu-security-trimming-with-areas-having-same-controller-names). I also raised the priority due to this report.
Regards,
Ianko
Progress Telerik