Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Determine if controller action is authorized before calling it

The problem I'm trying to solve seems very simple to me: My application has a site-wide menu from which the user can navigate to various areas. The menu items are simply links to ActionResult methods. I'm using a custom AuthorizeAttribute on the actions to enforce the user's authorization roles. That works fine, in that it prevents the user from executing the action if they don't have the appropriate roles. What I want to do, though, is not even show the menu option to navigate to that action if they aren't authorized to perform it.

So, at the simplest level, I want to be able to do something like this:

var isAuthorized = IsAuthorized("ControllerName", "ActionName", currentUser);

The IsAuthorized method would then look at any AuthorizeAttributes on the action, and evaluate whether the given user would be able to execute it.

Does such an approach exist? Assume that we don't have an instance of the controller at the point that we're making this evaluation.

like image 623
Dan Avatar asked Sep 21 '12 13:09

Dan


1 Answers

A second pass at searching for an approach to this actually resulted in exactly what I was looking for. I'll leave this question here in case it leads others to this answer.

Create an authorized action link extension for ASP.NET MVC 3

The implementation uses just about exactly the syntax I was looking for, and works in practice.

like image 145
Dan Avatar answered Nov 07 '22 15:11

Dan