
ASP.Net MVC Authentication - Hide Element in View based on roles

Is there a possibility to hand over the Result of the Authorize-Attribute to the View?

Let's assume I want to hide 5 links in my Index view based on the memberships of a User.

[Authorize(Roles = "Admin")]
public ActionResult Index(){
    ....
}

The code above will prevent all users that are not part of the Admin-Group from visiting the Index page.

@{
    if (User.IsInRole("Admin")) {
        <a href="#">Some link to be hidden</a>
    }
}

This code will hide the link if the User is not part of the Admin role. This is basically what I want BUT using this method I have to change the role name on every hidden link if the role would change.

Isn't there something like a combination of both? (Schema see below)

[Authorize(Roles = "Admin")] //This will pass true to the View if the User is a member of the group "Admin"
public ActionResult Index(){
    ....
}

@{
    if(User.IsAuthenticated){ //This will read the "Token" and if it's true the if statement will get executed.
        <a href="#">Some link to be hidden</a>
    }
}

So - if the User is in Role "Admin" the link will be shown. Is this possible?

Th1sD0t asked Oct 19 '16 17:10


1 Answer

You could use ViewBag and ViewData among other things, but I'd suggest passing a model back to the view with properties indicating whether to display the links or not.

public class YourViewModel
{
    public bool ShowHiddenLinks { get; set; }
    // ... whatever other properties
}

In your controller you'd then do:

[Authorize(Roles = "Admin")] 
public ActionResult Index()
{
    var yourVm = new YourViewModel();
    yourVm.ShowHiddenLinks = true;

    return View(yourVm);
}

And your view becomes:

@model YourViewModel

@* ShowHiddenLinks is true & this view is meant for admins only,
   so show admin-related links *@
@if (Model.ShowHiddenLinks)
{
    <a href="#">Some link to be hidden</a>
}

I've named the viewmodel property ShowHiddenLinks on purpose, so that it becomes re-usable for views meant for other users as well. You can of course extend the viewmodel to feature properties for other roles (e.g. a view which is accessible by admins and moderators, each with their own distinct set of hidden links), or create one viewmodel per role—it all depends on the scenario.

trashr0x answered Oct 11 '22 08:10