[Mono-bugs] [Bug 467221] asp.net security trimming / authorization not working

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Fri Mar 13 11:01:43 EDT 2009


https://bugzilla.novell.com/show_bug.cgi?id=467221

User mmorano at mikeandwan.us added comment
https://bugzilla.novell.com/show_bug.cgi?id=467221#c3


Mike Morano <mmorano at mikeandwan.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |




--- Comment #3 from Mike Morano <mmorano at mikeandwan.us>  2009-03-13 09:01:43 MST ---
I still seem to be having an issue with this.  I have found a bit more
information that may be useful to help track this further:

It seems like the <location> element in the root web.config is not being
honored when determining the set of SiteMapNodes to be returned when
securityTrimming is enabled.

I have just tried another test, where I add a web.config to the admin
directory, to contain the authorization rule.  This admin/web.config file looks
like the following:

<configuration>
    <system.web>
        <authorization>
            <allow roles="friend" />
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

With this configured, the node is properly removed from the resulting set of
SiteMapNodes, and hence, is not displayed in the navigation (which is driven
off the default site map provider with security trimming enabled).  However, if
I remove the admin/web.config, the node is not removed, and the navigation link
to the admin link is presented.

The good news is, now the page is truly not accessible - I am getting denied
access when actually trying to access the admin page, which is great.  However,
the site map node is not properly getting trimmed as it is configured.


Thanks again for all your help,
Mike
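
For reference, this is the root web.config form of the same rule that the comment says is not honored during trimming. It is an added example, not part of the original comment and not the reporter's actual file. The provider name and siteMapFile value are assumptions; the "admin" path and "friend" role are taken from the comment.

```xml
<!-- Root web.config (constructed example).
     Assumptions: provider name "TrimmedSiteMap" and siteMapFile "Web.sitemap". -->
<configuration>
    <system.web>
        <!-- Default site map provider with security trimming turned on -->
        <siteMap defaultProvider="TrimmedSiteMap" enabled="true">
            <providers>
                <add name="TrimmedSiteMap"
                     type="System.Web.XmlSiteMapProvider"
                     siteMapFile="Web.sitemap"
                     securityTrimmingEnabled="true" />
            </providers>
        </siteMap>
    </system.web>

    <!-- Same authorization rule as admin/web.config above,
         scoped to the admin directory by path instead of by file location -->
    <location path="admin">
        <system.web>
            <authorization>
                <allow roles="friend" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>
```

A quick check for this bug is to sign in as a user outside the "friend" role and compare two things: whether a request to the admin page is denied, and whether the admin node still appears in the navigation. Per the comment, with this root-level form the request is denied but the node is still shown, while the admin/web.config form gives both results.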
