securityTrimmingEnabled hides files that should be exposed

[keithb]

ASP.NET Web Site Administration Tool sets access rules by folder, not by
individual file. What would cause some files in a folder to be hidden and
some to be displayed when securityTrimmingEnabled="true"?

Thanks,

Keith

 

[Brock Allen]

securityTrimmingEnabled="true" simply prunes the sitemap based upon the <authorization>
configuration element. <authorization> typically controls access to all files
in the directory, but if used inside a <location path="SomePage.aspx"> element,
it allows for page-/path-specific <authorization> rules.

 

[keithb]

Thanks for responding. I'm still don't know how to resolve the issue since
my web.config file does not contain a <location> element. Any suggestions?

Thanks again,

Keith

 

[Brock Allen]

Try to access them directly by typing the URL in the browser and see if you
get denied access. Also, you might have a custom SiteMapProvider that overrides
IsAccessibleToUser.

 

[keithb]

I found what may be a partial answer. The My sitemap had a <siteMapNode>
with an empty URL string. and inside that node were other nodes with urls to
the files that were improperly hidded from authorized users. I removed the
<sitemapNode> with the empty URL, which put everything in the menu on the
same level. Now security trimming works properly.

Thanks,

Keith