This is a migrated thread and some comments may be shown as answers.

custom AuthorizeAttribute causing menu items to be hidden

Patrick Barranis asked on 05 Mar 2010, 03:40 PM
Hi.  I've implemented a custom authorization attribute that inherits AuthorizeAttribute.  When I use the AuthorizeAttribute on an Action in my controller, if I reference the same action in my Telerik Menu it appears fine on the website.

However, if I use my custom attribute (source code below), on either the Controller definition (at the top) or on the Action method itself then the item disappears from my menu.

I never would have expected the Telerik Menus to automatically try to check AuthorizeAttributes and hide items dynamically - I love it!  This is a great feature, but unfortunately it's not working for me.  Here's the source from my custom attribute:

Public Class MutiSiteAuthorizeAttribute 
    Inherits AuthorizeAttribute 
 
    Private _rightNeeded As Rights = Rights.LoginToWebsite 
 
    Public Sub New(ByVal right As Rights) 
        _rightNeeded = right 
    End Sub 
 
    Protected Overrides Function AuthorizeCore(ByVal httpContext As System.Web.HttpContextBase) As Boolean 
 
        If Not httpContext.User.Identity.IsAuthenticated Then 
            Return False 
        End If 
 
        Return BLL.Roles.UserCan(_rightNeeded, httpContext.User) 
    End Function 
End Class 

I'm running Telerik MVC 2010.1.218.235, Microsoft MVC 2 RC2 on VS 2008SP1 (On Win7 Enterprise & with the ASP.NET Development Server).  I'm also running on old Coke, not new Coke :)

Many thanks in advance!

13 Answers, 1 is accepted

0
Kazi Manzur Rashid
Telerik team
answered on 09 Mar 2010, 11:16 AM
Hello Patrick Barranis,

Would you please elaborate a bit more? I mean, what is your expected behavior: should it show or hide the menu item?

Best wishes,
Kazi Manzur Rashid
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
Patrick Barranis
answered on 09 Mar 2010, 01:52 PM
Hi Kazi.  I'm sorry - I was a bit unclear.  Based on the fact that the item disappeared I was assuming that the intended design, by Telerik, was that the item would show or hide based on the role of the user that's logged in.  However, that's just an educated guess.

If the control is not designed to automatically hide items that the user doesn't have permission to access, then I would simply expect that the item in the menu is always visible.  I would not have expected that the item suddenly disappear when I added the attribute.

In either case the item shouldn't have disappeared.  The user logged-in has the necessary rights to perform that action, and if I type the URL manually into the browser, the action runs successfully without a security exception.

Thanks,
Patrick
0
Kazi Manzur Rashid
Telerik team
answered on 10 Mar 2010, 04:07 AM
Hi Patrick Barranis,

Yes you are correct, it is designed in a way that the item will hide if the user does not have the permission.

When rendering the navigational components like menu/tree/panelbar/tab we check whether the associated action does have the permission. The Action or Controller are decorated with Authorize attribute so typing directly to that Url will result same security exception.

All the best,
Kazi Manzur Rashid
the Telerik team

0
Patrick Barranis
answered on 10 Mar 2010, 01:01 PM
Hi Kazi,

I think it's great that this feature exists; I really like the idea.

However, clearly it's not functioning properly for me.  If I access the URL directly a security exception does not get thrown, yet the item/action still disappears from the menu.  Can you help me out?

Thanks,
Patrick

PS - Due to an unrelated support ticket I have ongoing, I just tested version 2010.1.309, which I'm told is basically RTW for Q1, and the problem wasn't fixed by running that version either.
0
Kazi Manzur Rashid
Telerik team
answered on 10 Mar 2010, 02:33 PM
Hello Patrick Barranis,

Ok, can you please describe the exact case? I mean, where did you put the MutiSiteAuthorizeAttribute that you described below, in the action method or the whole controller, and is any other authorization attribute also involved? You can just post the signature of the controller as well as the sitemap definition.

Kind regards,
Kazi Manzur Rashid
the Telerik team

0
Patrick Barranis
answered on 12 Mar 2010, 04:15 PM
Hi Kazi,

Have you tried putting this attribute into a demo or sample site on your end?  I finally did that here, and it failed immediately.  It turns out I was able to learn something that should help you find the problem pretty quickly: If I add an empty constructor to the attribute it works fine.  If there's no empty constructor, none of the constructors even get called by the Telerik code.

For now I'll leave an empty constructor in our code just for the Telerik Menu to use, but I hope this will get fixed for the next release.

Thanks,
Patrick
0
Patrick Barranis
answered on 12 Mar 2010, 05:17 PM
I was wrong... it doesn't work fine if I make a default, empty constructor.  Only the default constructor gets called, so whatever I return for that default case is what always gets returned.

Here's the sample attribute I made to test in an empty project:
Public Class MutiSiteAuthorizeAttribute 
    Inherits AuthorizeAttribute 
 
    Private val As String 
 
    Public Sub New() 
        val = "qwerty" 
    End Sub 
 
    Public Sub New(ByVal right As String) 
        val = right 
    End Sub 
 
    Protected Overrides Function AuthorizeCore(ByVal httpContext As System.Web.HttpContextBase) As Boolean 
        Return val = "asdf" 
    End Function 
End Class 

As you can see, it's designed to fail if the default constructor is called.  If, however, the "normal" constructor is called with "asdf" it will return True.

And here's how I decorated the Home -> About action in a completely empty, default MVC project:

    <MutiSiteAuthorize("asdf")> _ 
    Function About() As ActionResult 
        Return View() 
    End Function 

The Telerik Menu I placed on the page never shows the "About" menu item.  If I set breakpoints, the default constructor is the only one that gets called (ever).  Yet if I type in the url http://localhost/Home/About, the page renders fine.

I've tested my real website similarly and I get exactly the same results.  I have even checked that if I'm logged in under a user that shouldn't get to some pages I can type in the URL manually and I get kicked to the login page, but if I'm logged in under a user that can get to any page then typing in the URL works fine.

Let me know if you want my copy of this test project, however, all my changes are in the code blocks above.

Thanks,
Patrick
0
Kazi Manzur Rashid
Telerik team
answered on 12 Mar 2010, 07:16 PM
Hello Patrick Barranis,

Yes you are absolutely correct, we do not support parameterized constructors as we have to IL generate the class at runtime. I hope this will not change in near future and I suggest to use properties instead of parameterized ctors.


Best wishes,
Kazi Manzur Rashid
the Telerik team

0
Patrick Barranis
answered on 12 Mar 2010, 07:33 PM
Hi Kazi,

Wow, that sounds convoluted.  How do I use properties with an attribute?  I'm looking at the AuthorizeAttribute in the MSDN documentation, and I honestly hadn't even realized that it wasn't a parameterized constructor.  I always used it as [Authorize("MyRole")] (or <Authorize("MyRole")> in VB...).  I'm a little mystified about how this even works...  I'd really appreciate some sort of example.

Also, are you going to document the need for an empty constructor somewhere?  This wasn't exactly easy to get to the bottom of...

Thanks,
Patrick
0
Patrick Barranis
answered on 12 Mar 2010, 08:03 PM
Hi Kazi.  I got it.  It appears you can access properties through constructors (in VB, anyways) through the exact same ":=" syntax as optional parameters.  I still don't quite grok how the AuthorizeAttribute can accept an unnamed parameter, like in my example in my last post, but I shall let that go.

That appears to have solved it.  It's working 100% correctly; thanks!

Patrick
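
The property-based form the thread settles on, as an added example that is not the poster's or Telerik's code: the attribute has only a parameterless constructor, takes the required right through a property set with VB's `:=` syntax, and denies access when that property was never set. The `Rights` members, the `RightsCheck.UserCan` helper and the deny-when-unset rule are assumptions standing in for code the thread does not show.

```vbnet
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Mvc

' Constructed stand-in for the poster's Rights enum (only LoginToWebsite appears in the thread).
Public Enum Rights
    None = 0
    LoginToWebsite = 1
    EditContent = 2
End Enum

' Constructed stand-in for the poster's BLL.Roles.UserCan check.
Public Module RightsCheck
    Public Function UserCan(ByVal right As Rights, ByVal user As IPrincipal) As Boolean
        Return user.IsInRole(right.ToString())
    End Function
End Module

Public Class MutiSiteAuthorizeAttribute
    Inherits AuthorizeAttribute

    ' No explicit constructor: VB supplies the parameterless one, so an instance
    ' created without arguments starts in the "no right configured" state.
    Private _rightNeeded As Rights = Rights.None
    ' Full property syntax (compiles on VS 2008); set at the usage site with ":=".
    Public Property RightNeeded() As Rights
        Get
            Return _rightNeeded
        End Get
        Set(ByVal value As Rights)
            _rightNeeded = value
        End Set
    End Property

    Protected Overrides Function AuthorizeCore(ByVal httpContext As HttpContextBase) As Boolean
        If Not httpContext.User.Identity.IsAuthenticated Then Return False
        ' Fail closed: an instance whose property was never set authorizes nobody.
        If _rightNeeded = Rights.None Then Return False
        Return RightsCheck.UserCan(_rightNeeded, httpContext.User)
    End Function
End Class

Public Class HomeController
    Inherits Controller
    ' Named property assignment replaces the constructor argument.
    <MutiSiteAuthorize(RightNeeded:=Rights.EditContent)> _
    Function About() As ActionResult
        Return View()
    End Function
End Class
```

With the unset state denying access, an attribute instance built without its property hides the menu item and rejects the request rather than silently granting a weaker right.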
0
Ishtiyaq
answered on 06 Oct 2011, 05:03 PM
Kazi,

Can you send me an example of how to hide the menu items dynamically based on user permissions? I really don't know how I can play with permissions on hiding the pages and menus. Please, guide ASAP.

Regards,
Ishtiyaq Mohammed.
0
Faisal Alam
answered on 16 Nov 2011, 05:06 AM
Kazi,

Can you send me the same sample code please. Thanks
0
Georgi Krustev
Telerik team
answered on 16 Nov 2011, 04:27 PM
Hello Faisal,

 
I have attached a simple test project, which shows how the required task is accomplished.

Regards,
Georgi Krustev
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the Telerik Extensions for ASP.NET MVC, subscribe to their blog feed now