CODEWITHSUNDEEP
asp.net-mvcpermissionsviewurl
Ben
Ben

Reputation: 1023

Showing/Hiding Links in an ASP.Net MVC View

I'm trying to figure out how to show/hide links for users based on their roles. I know how to set the authorize attribute for an action method, but I'm having trouble making links show hide in a view if the user is say, an admin or a manager in my roles database.

Any good articles or code example someone can point me towards?

Upvotes: 7

Views: 10526

Answers (4)

user2471871
user2471871

Reputation: 1

I use a static class for Role validation and in the cshtml i used this class, the role validation is out the cshtml.

I have my Authorized functions or content in database (by user or by role) so you dont have to redeploy if the access definition change. 

public static class AuthorizeContent
{
    public static bool AuthorizeAccessContent(string Content)
    {
        bool bReturn = false;
        DBContext db = new DBContext();
        string[] RolesUser = Roles.GetRolesForUser(WebSecurity.CurrentUserName);

        foreach (AuthorizedContentRole aut in db.AuthorizedContentRole)
        { 
            foreach (string rol in RolesUser)
            {
                if (aut.Role==rol && aut.Content==Content)
                {
                    bReturn = true;
                    break;
                }
            }
        }
        foreach (AuthorizedContentUser aut in db.AuthorizedContentUser)
        {
            if (aut.UserName == WebSecurity.CurrentUserName && aut.Content == Content)
            {
                bReturn = true;
                break;
            }
        }

        return bReturn; 
    }

/// in the cshtml

@if (AuthorizeContent.AuthorizeAccessContent(Content))
{

    <li class="two">
        <h5>Administrator link</h5>
        @Html.ActionLink("Admin secret info","Index", "Information")
    </li>
}

you could also use a filter like [AccionAuthorize(Action="MyContent")]

public class AccionAuthorizeAttribute : AuthorizeAttribute
{
    public string Action { get; set; }
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpUnauthorizedResult();
        else if (!AutorizacionContenido.AutorizaAccesoContenido(Action))
            filterContext.Result = new HttpUnauthorizedResult();
        base.OnAuthorization(filterContext);
    }
}

Upvotes: 0

Hubeyb &#214;zkul
Hubeyb &#214;zkul

Reputation: 666

<% if(HttpContext.Current.User.IsInRole("Admin")){%> <a href="/Admin">Admin</a> <% } %>

Use this code. This is easier.

Upvotes: 1

Patrick.B
Patrick.B

Reputation: 21

This is one thing i really dont like with MVC (as in ASP.Net MVC, not the pattern) there is a tendancey to moving of UI logic into the markup.

There is no way to run Unit tests on that logic once its in the aspx.

Personly i think webforms with a suitable UI pattern (MVC or MVP etc) would better suit than having the page littered with conditional logic that cant be tested.

Upvotes: 2

ten5peed
ten5peed

Reputation: 15890

In your view you can reference the IPrincipal user through the System.Web.Mvc.ViewPage's User property.

E.g. In your view you can have something like:

<% if (User.IsInRole("Admin")) { %>
    <%= Html.ActionLink("Admin only link", "Edit", "Users") %>
<% } %>

<% if (User.IsInRole("Manager") || User.IsInRole("Admin")) { %>
    <%= Html.ActionLink("Manager & Admin only link", "Edit", "Product") %>
<% } %>

HTHs,
Charles

Upvotes: 11

Related Questions