Is it possible to block a page from opening using securityTrimmingEnabled=true
-
04-10-2019 - |
Pergunta
I have custom SiteMapProvider and RoleProvider that works together properly: IsAccessibleToUser
returns false
if current user's role isn't mentioned in SiteMapNode.Roles
for page requested.
So breadcrumbs or menu doesn't show an item.
But user still can type now showed URL directly and open a page. How can I block such behavior?
Also I have next Web.config settings:
<authorization>
<allow roles="Admin,Manager,Client" />
<deny users="*" />
</authorization>
Solução
public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
var roles = node.Roles.OfType<string>();
if (roles.Contains("*") || (roles.Count(r => context.User.IsInRole(r)) > 0))
{
return true;
}
else
{
throw new InsufficientRightsException();
}
}
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow