Does Security Trimming work with Web Forms Routing?

Posted by Slauma on Stack Overflow See other posts from Stack Overflow or by Slauma
Published on 2010-05-31T10:09:09Z Indexed on 2010/05/31 10:12 UTC
Read the original article Hit count: 354

In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder).

If I put a sitemapNode in Web.sitemap...

<siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" >

... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended.

Now I have defined a URL route in Global.asax to map the physical file to a new URL:

System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute", 
    "Administration/Home", "~/Admin/Default.aspx");

But when I use this route-URL in the SiteMap file...

<siteMapNode url="Administration/Home" title="Administration" description="" >

... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.)

Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around?

Thank you for help!

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about sitemap