SecurityTrimming

Topics: Developer Forum
Jul 16, 2008 at 10:59 AM
Hi,

I have a sitemap (PublicSiteMap) which has securityTrimmingEnabled="true".

I have a special templates directory named "Users" where a web.config file denies all unauthenticated users to enter. This works fine since I need to authenticate as soon as I want to visit the page. However, the menu repeater still handles the item so I guess the sitemap security trimming is not working.

Am I missing something?

Best regards,
Coordinator
Jul 16, 2008 at 1:53 PM
Maybe. Have you changed the content's permission to reflect your web.config file (the lock symbol in the toolbar). The security trimming doesn't consider asp.net location security. Only permissions on content nodes.
Jul 16, 2008 at 2:47 PM
Thank you for your answer. I have 4 roles (Administrator, Editor, Customer, Employee) and all four should have access (these roles are also checked in the content node). However, how can I prevent unauthorized users from accessing the site?

Best regards,

Geert
Coordinator
Jul 16, 2008 at 9:32 PM
Aha. There is a hidden "feature". When all roles are checked in the interface the content items is automatically treated as open for all. Try adding an additional role "Everyone" and uncheck it.
Jul 17, 2008 at 5:39 AM
Isn't it better to do such thing in the framework itself (adding the special role Everyone)?

I will take a look at this, implement it and send you the source code back if you want.
Coordinator
Jul 17, 2008 at 7:57 AM
Please do. Thank you.
Jul 17, 2008 at 3:51 PM
Hi,

I need the implementation of N2.Edit.Security.Default, which implements the function cblAllowedRoles_DataBound.

I want to modify the page to be able to add the special role Everyone. But, the implementation is not in the source code package.
Coordinator
Jul 17, 2008 at 4:01 PM
Have you checked out the sources from svn source code repository? http://code.google.com/p/n2cms/source/checkout. Tortoise SVN is a good client.
Jul 18, 2008 at 11:57 AM
It was in the repository, thanks! You should have received the source code by e-mail.