hi ,
I am going to add a kendo Menu to my existing ASP.NET Core 2.2 MVC app.
Two questions come to mind :
1.Do I add the menu to _Layout.cshtml ?
2.how to security trimming . I'm using Azure Active directory (example controller decoration [Authorize(Policy = "CanAccessAdminGroup")]
Any examples ?
Thanks alot in advance,
Peter
12 Answers, 1 is accepted
Rank 1
OK - I answered my own question.
This wki explains :
https://docs.telerik.com/aspnet-core/html-helpers/navigation/menu/security-trimming
Rank 1
Rank 1
Any suggestions about my question : MenuItemBuilder does not contain a definition for SecurityTrimming ?
Thanks, Peter
The Kendo UI Menu widget has a built-in security trimming functionality. If the URL to which the Menu item points is not authorized, then the Menu item is hidden. Here is a video showing this behavior:
https://take.ms/zP40x
I could suggest you to take a look at this article, where you could find a link to this runnable sample from the video I provided. You could use it as a reference for building your custom scenario for the ASP.NET Core 2.2 MVC app.
I hope you will find this information helpful.
Best Regards,
Misho
Progress Telerik
Rank 1
hi Misho,
I am looking at KendoMenu_SecurityTrimming
I still don't understand how the 2 menu options disapper and appear based on being authenticate.
_Layout.cshtml shows this :
menu.Add().Text("About").Action("About", "Home", new { area = "" });
menu.Add().Text("Contact").Action("Contact", "Home", new { area = "" });
Thanks,Peter
Rank 1
Does it work because Home controller is decorated with [Authorize], AND About action does not [AllowAnonymous] ?
The Kendo UI Menu widget has a built-in security trimming functionality, which is enabled by default. If the URL, which the Menu item points to, is not authorized, then it is hidden. Security trimming depends on the ASP.NET MVC Authorization. Every action method decorated with AuthorizeAttribute checks whether the user is authorized and allows or forbids the request. More information could be found in the following article: https://docs.telerik.com/aspnet-mvc/helpers/menu/overview#security-trimming
Here is the menu configuration for your reference:
@(Html.Kendo().Menu() .Name("menu") .Items(menu => { menu.Add().Text("Home").Action("Index", "Home", new { area = "" }); menu.Add().Text("About").Action("About", "Home", new { area = "" }); menu.Add().Text("Contact").Action("Contact", "Home", new { area = "" }); if (Request.IsAuthenticated) { menu.Add().Text("Hello " + User.Identity.GetUserName() + "!").Action("Index", "Manage", routeValues: null).ContentHtmlAttributes(new { title = "Manage" }); menu.Add().Text("Log Off").HtmlAttributes(new { onclick = "getElementById('logoutForm').submit()" }); } else { menu.Add().Text("Register").Action("Register", "Account", routeValues: null).ContentHtmlAttributes(new { id = "registerLink" }); menu.Add().Text("Log in").Action("Login", "Account", routeValues: null).ContentHtmlAttributes(new { id = "loginLink" }); } }) )Best Regards,
Misho
Progress Telerik
Rank 1
hi Misho,
Unfortunately this does not work.should i create a Ticket?
i have a mvc controller decorated with [Authorize(Policy = "CanAccessSomeGroup")] <-- this words for authorization. But kendo menu still shows it.
Thanks,Peter
I would suggest you to take a look at the implementation in Security Triming sample that we provide in our Github repo. Here is a video showing the security trimming functionality in action:
https://take.ms/zP40x
The "Contacts" and "About" items doesn't have [AllowAnonymous] attribute and are visible only if the user is logged in:
https://github.com/telerik/ui-for-aspnet-mvc-examples/blob/master/menu/security-trimming/KendoMenu_SecurityTrimming/Controllers/HomeController.cs
In case you are experiencing issues I would recommend you to open a support ticket with the problem and isolate and send your implementation back in sample fully runnable project that demonstrates the problem so we would be able to run it locally, investigate the case on our side and do our best to provide you with more detailed information and reliable solution.
I hope this helps.
Best Regards,
Misho
Progress Telerik
Rank 1
Misho,
This doesn't work for me.
I have a MVC controller 'A' decorated like this : [Authorize(Policy = "CanAccessAdminGroup")]
and controller 'B' decorated like this : [Authorize(Policy = "CanAccessUsersGroup")]
But the menu options are visible - I want them to be hidden(Trimmed)
What am i missing?
Thanks,Peter
My name is Ivan and I am stepping in for my colleague Misho who is taking a few days off. We will test the scenario you describe and get back to you as soon as we have new information.
Regards,
Ivan Danchev
Progress Telerik
After reviewing the communication in this thread and the available resources about the Menu's SecurityTrimming functionality, I would like to apologize on behalf of the Support Team. There has been an oversight on our part, which resulted in the following article:
https://docs.telerik.com/aspnet-core/html-helpers/navigation/menu/security-trimming
being incorrectly published in our UI for ASP.NET Core documentation. The SecurityTrimming functionality of the Menu is available in UI for ASP.NET MVC, but we have mistakenly added this information in the Core Menu's documentation and, obviously, this has been misleading.
As of this moment, SecurityTrimming hasn't been implemented for our UI for ASP.NET Core Menu. There is an existing feature request for adding this functionality, which you can vote for in our Feedback Portal.
Once again, please accept our apologies for the confusion created. We will remove the article from the Core documentation.
I updated your Telerik points, as a small token of gratitude for your involvement in identifying this mistake.
Regards,
Ivan Danchev
Progress Telerik