Re: User.IsInRole with * wildcard, web.sitemap etc.
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 Jul 2007 20:21:27 +0000 (UTC)
You don't specify any authorization requirements in web.sitemap!!!
You use the <authorization> element in web.config for that - the sitemap just uses this information - and the role attribute in the sitemap file allows to override the information found in the authorization element for visual presentation.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
hi,
User.IsInRole method appears not to work with the web.sitemap * 'all
roles'
wildcard. is this by design? do i have to handle wildcards manually?
ideally User.IsInRole("*") would return true if the user is in any
role. an
example is below to illustrate.
i have a sitemap node like so:
<siteMapNode title="Report xyz" description="etc"
url="Reports.aspx?sp=XYZ"
roles="*">
since i'm using the querystring to specify a sproc, i make sure to
verify that the user is allowed to access it, as defined in
web.sitemap. so i have code in Reports.aspx that goes like:
foreach (string role in siteMapNode.Roles)
if (User.IsInRole(role))
return; // OK
thanks for any help
tim
.
- Follow-Ups:
- Re: User.IsInRole with * wildcard, web.sitemap etc.
- From: Tim Mackey
- Re: User.IsInRole with * wildcard, web.sitemap etc.
- Prev by Date: SqlMembershipProvider not working on production server
- Next by Date: Re: SqlMembershipProvider not working on production server
- Previous by thread: Re: User.IsInRole with * wildcard, web.sitemap etc.
- Next by thread: Re: User.IsInRole with * wildcard, web.sitemap etc.
- Index(es):
Relevant Pages
|
