开发者

Is it possible to block a page from opening using securityTrimmingEnabled=true

I have custom SiteMapProvider and RoleProvider that works together properly: IsAccessibleToUser returns false if current user's role isn't mentioned in SiteMapNode.Roles for page requested.

So breadcrumbs or menu doesn't show an item.

But user still can type now showed URL directly and open a page. How can I block such behavior?

Also I have next Web.config开发者_如何学运维 settings:

<authorization>
    <allow roles="Admin,Manager,Client"  />
    <deny users="*" />
</authorization>


public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
    var roles = node.Roles.OfType<string>();
    if (roles.Contains("*") || (roles.Count(r => context.User.IsInRole(r)) > 0))
    {
        return true;
    }
    else
    {
        throw new InsufficientRightsException();
    }
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜