[Mono-bugs] [Bug 467221] asp.net security trimming / authorization not working

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Aug 18 22:54:55 EDT 2010



Mike Morano <mmorano at mikeandwan.us> changed:

           What    |Removed                     |Added
             Status|CLOSED                      |REOPENED
            Version|unspecified                 |2.6.x
         Resolution|FIXED                       |
         OS/Version|openSUSE 11.1               |Ubuntu

--- Comment #7 from Mike Morano <mmorano at mikeandwan.us> 2010-08-19 02:54:52 UTC ---
Hey Marek,

Long time no talk, hope all is well.  This issue seems to have resurfaced, I
have had it for a while but have been too busy to look into this.  I finally
got around to copying my site to my wifes windows box, and sure enough, with
the same configuration files, the protected areas of the site do not appear in
the navigation, where mono does not perform the security trimming.  

In this case, I have a single web.config in the root of the site, with an
authorization section in the primary configuration/system.web/authorization
that specifies user="*", but then, i have other configuration/location sections
for particular paths that specify the first rule as allow roles="admin" and
last rule of deny users="*".  When I first access the site (as an anonymous
user), I still see the admin link which is derived from the site map, which
should only be available to logged in users that are in the 'admin' role.

Here is my current version information:

mmorano at aeris:~$ mono --version
Mono JIT compiler version 2.6.7 (Debian 2.6.7-1ubuntu1~dhx1)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
        TLS:           __thread
        GC:            Included Boehm (with typed GC and Parallel Mark)
        SIGSEGV:       altstack
        Notifications: epoll
        Architecture:  amd64
        Disabled:      none

Effectively, the configuration has not changed since the original bug I had
reported some time ago.

Do you have a means to re-test this against the current version?  This is a
completely fresh install without a parallel mono environment, so I don't feel
there could be many things interfering with this case...

Please let me know if there is any additional information that would be useful
to you.


Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list