asp.netsitemapasp.net-4.0asp.net-routingwebforms-routing

Does Security Trimming work with Web Forms Routing?


In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder).

If I put a sitemapNode in Web.sitemap...

<siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" >

... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended.

Now I have defined a URL route in Global.asax to map the physical file to a new URL:

System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute", 
    "Administration/Home", "~/Admin/Default.aspx");

But when I use this route-URL in the SiteMap file...

<siteMapNode url="Administration/Home" title="Administration" description="" >

... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.)

Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around?

Thank you for help!


Solution

  • I've answered this on the ASP.NET forums (http://forums.asp.net/t/1563781.aspx), but the answer is no. However you can customise the provider; see the code in the forum post.