Horizontal Menu Disappears with securityTrimmingEnabled="true"

Tuesday, February 12, 2008

I'm implementing ASP.NET roles in a site and using the securityTrimmingEnabled feature so people don't see menu items for pages they're not authorized to visit.

Once I got the roles and restrictions enabled, the entire menu disappeared as if the role had no authorization to see any items. That's security trimming gone wild!

It turns out that this is an issue when you're using a horizontal ASP.NET menu. You usually hide the root node of the sitemap file when using a horizontal menu because a top row with one lonely root item doesn't make sense. (The SiteMapDataSource ShowStartingNode property is set to False.)

The fix was to make sure that every role had access to the (unused) dummy siteMapNode at the root by including roles="*" in web.sitemap shown below:

<?xml version="1.0" encoding="utf-8" ?>
<siteMap enableLocalization="true"
     xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
    <siteMapNode url="" title="" roles="*" description="">
      <siteMapNode url="~/default.aspx" resourceKey="siteMapHome"
       title="Home" roles="admin,account" description="" />

Sheesh! Why do I lose time on these silly things? Is nothing ever easy?

12 Comments

More info here:
http://blogs.msdn.com/dannychen/archive/2006/03/16/553005.aspx

rajbk - Tuesday, February 12, 2008 8:44:56 PM

What a magic. You made my day and saved me from frustrations. Thank you

prisLena - Tuesday, May 6, 2008 5:44:55 PM

Yes, its works for me too, thanks

WotlkPowerLeveling.com - Tuesday, November 4, 2008 3:33:23 AM

Thanks! I had been trying to figure this one out all morning.

kj - Thursday, November 13, 2008 11:03:40 AM

I was reading MSDN and the correct form to resolve this issue is to write roles="*"

a friend - Tuesday, December 16, 2008 9:01:17 PM

Thanks ALOT ! Thanks for sharing !!!

Salomon - Wednesday, February 25, 2009 9:32:41 AM

thanks alot for sharing.

Som Nath Shukla - Wednesday, April 1, 2009 1:27:10 AM

Thanks a lot.
I spent a lot of time for this solution. And now I got it. Thanks again for sharing ur knowledge.

Yogesh Patel - Saturday, September 4, 2010 7:50:31 AM

Thank you, this has saved my few hours.

Bharat

Bharat - Wednesday, September 8, 2010 1:58:57 AM

spent 2 hours beating my head against the wall... undoing/redoing/rebuilding/deleting and adding role permissions... and all becuase of a single char. Thanks for the post

sirenyard - Monday, March 12, 2012 6:04:07 PM

thanks, great.

(still same behavior on asp.net 4.5)

baz - Friday, September 14, 2012 5:48:38 AM

Thanks you !!! I lost a lot of time on this problem

tims - Friday, November 30, 2012 2:42:41 PM

Comments have been disabled for this content.