Is it possible to block a page from opening using securityTrimmingEnabled=true

Posted by abatishchev on Stack Overflow See other posts from Stack Overflow or by abatishchev
Published on 2010-05-24T18:00:25Z Indexed on 2010/05/24 18:11 UTC
Read the original article Hit count: 289

Filed under:

ASP.NET

|

roleprovider

|

breadcrumbs

|

sitemapprovider

|

securitytrimmingenabled

I have custom SiteMapProvider and RoleProvider that works together properly: IsAccessibleToUser returns false if current user's role isn't mentioned in SiteMapNode.Roles for page requested.

So breadcrumbs or menu doesn't show an item.

But user still can type now showed URL directly and open a page. How can I block such behavior?

Also I have next Web.config settings:

<authorization>
    <allow roles="Admin,Manager,Client"  />
    <deny users="*" />
</authorization>

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about roleprovider

Extending the RoleProvider GetRolesForUser()

as seen on Stack Overflow - Search for 'Stack Overflow'
The GetRolesForUser() method in the RoleProvider takes the user login name and returns the list of roles for that user. But in my application this is not enough, I need a few more pieces of information to be able to get the user's roles. How can I get this extra information into the method? I have… >>> More
Custom RoleProvider: Can't insert record in UsersInRole Table

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have implemented a LINQ to SQL based RoleProvider, when I assign role to a user following exception is thrown while AddUsersToRoles method is called. I have defined a composite primary key userid & roleId on this table, it still throwing this exception: Can't perform Create, Update or… >>> More
Custom RoleProvider with MVC 2.0 webconfig

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a custom MembershipProvider and a custom RoleProvider. I created the custom MembershipProvider by creating a SimpleMembershipProvider class which implements the MembershipProvider class. After that I changed my web.config and works. So I used the same approach creating a custom RoleProvider… >>> More
Can I create a custom roleprovider through a WCF service?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a web application that accesses a database through a wcf service. The idea is to abstract the data from the web application using the wcf service. All that works fine but I am also using the built in roleprovider using the SqlRoleManager which does access the aspnetdb database directly. … >>> More
Ninject with MembershipProvider | RoleProvider

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using ninject as my IoC and I wrote a role provider as follows: public class BasicRoleProvider : RoleProvider { private IAuthenticationService authenticationService; public BasicRoleProvider(IAuthenticationService authenticationService) { if (authenticationService == null)… >>> More