Membership roles security?

5 posts, 1 answers
  1. Megan Airs
    Megan Airs avatar
    3 posts
    Member since:
    Oct 2007

    Posted 06 Nov 2008 Link to this post

    I have a website that uses the ASP login system and make use of a few membership roles.

    I'd like to be able to have some of the pages linked on my RadMenu to be greyed out for certain users based on their role.


    Is this possible?


    I can give more detail if necessary.
  2. Paul
    Admin
    Paul avatar
    4281 posts

    Posted 06 Nov 2008 Link to this post

    Hello Megan Airs,

    We recommend using the SiteMapDataSource and the security trimming feature. This approach should work with all RadControls which support binding to SiteMapDataSource (toolbar, menu, tabstrip etc).

    If you are using custom implementation of users and roles you need to programmatically remove or hide the items which should not be visible.

    All the best,
    Paul
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  3. Megan Airs
    Megan Airs avatar
    3 posts
    Member since:
    Oct 2007

    Posted 06 Nov 2008 Link to this post

    Thanks, that's the type of thing I was looking for. Unfortunetly I still have a slight issue...

    It works perfectly when I'm only allowing certain roles to the top hierarchy of the menu, so for example:

    <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" > 
    <siteMapNode title="Home" roles="Standard, Admin, Release">  
    <siteMapNode url="Default.aspx" roles="*"></siteMapNode> 
    <siteMapNode url="" title="Users" roles ="Standard, Admin, Release">   
    <siteMapNode url="./UserManager/Login.aspx" title="User Management" roles="Admin" /> 
    <siteMapNode url="AliasUser.aspx" title="Alias User" /> 
    </siteMapNode> 
    </siteMapNode> 
    </siteMap> 
     

    It works fine when I block everyone but standard users in the "Users" node which is currently set to Standard, Admin, Release.
     
    But when I want the "User Management" page  to only be seen by Admins within the Users node, it still shows that page to the other roles, it seems to override that with whatever you use in the top hierarchy...

    Any ideas?



     

     




     

     

     

     

     

     

  4. Answer
    Paul
    Admin
    Paul avatar
    4281 posts

    Posted 06 Nov 2008 Link to this post

    Hi Megan Airs,

    Problems with security trimming can be easily tracked down by using a built-in control along with ours (e.g. asp:Menu or asp:TreeView). If they behave in the same way then the problem is somewhere in your implementation.

    On aside note, security trimming is a feature of the site map provider - it should not be related with the control which is databound.

    You can find more information in Google or read the following MSDN article. Also Scott Mitchell wrote a nice tutorial with source code.
    http://aspnet.4guysfromrolla.com/articles/122805-1.aspx 
    http://msdn2.microsoft.com/en-us/library/ms178428(VS.80).aspx

    Our navigation controls mimic the default ASP.NET menu in terms of sitemap support

    All the best,
    Paul
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  5. Megan Airs
    Megan Airs avatar
    3 posts
    Member since:
    Oct 2007

    Posted 06 Nov 2008 Link to this post

    Ok, thanks for your help, I'll try those links.
Back to Top