In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true"
and on my main master page is an asp:Menu
control bound to an asp:SiteMapDataSource
. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder).
If I put a sitemapNode in Web.sitemap
...
<siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" >
... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended.
Now I have defined a URL route in Global.asax to map the physical file to a new URL:
System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute",
"Administration/Home", "~/Admin/Default.aspx");
But when I use this route-URL in the SiteMap file...
<siteMapNode url="Administration/Home" title="Administration" description="" >
... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.)
Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around?
Thank you for help!
I've answered this on the ASP.NET forums (http://forums.asp.net/t/1563781.aspx), but the answer is no. However you can customise the provider; see the code in the forum post.