I'm trying to figure out how to show/hide links for users based on their roles. I know how to set the authorize attribute for an action method, but I'm having trouble making links show/hide in a view if the user is, say, an admin or a manager in my roles database.
Any good articles or code examples someone can point me towards?
In your view you can reference the IPrincipal user through the System.Web.Mvc.ViewPage's User property.
E.g. in your view you can have something like:
<% if (User.IsInRole("Admin")) { %>
<%= Html.ActionLink("Admin only link", "Edit", "Users") %>
<% } %>
<% if (User.IsInRole("Manager") || User.IsInRole("Admin")) { %>
<%= Html.ActionLink("Manager & Admin only link", "Edit", "Product") %>
<% } %>
HTHs,
Charles
This is one thing I really don't like with MVC (as in ASP.Net MVC, not the pattern): there is a tendency to move UI logic into the markup.
There is no way to run unit tests on that logic once it's in the aspx.
Personally I think webforms with a suitable UI pattern (MVC or MVP etc.) would better suit than having the page littered with conditional logic that can't be tested.
<% if(HttpContext.Current.User.IsInRole("Admin")){%> <a href="/Admin">Admin</a> <% } %>
Use this code. This is easier.
I use a static class for role validation and use this class in the cshtml; the role validation is outside the cshtml.
I have my authorized functions or content in the database (by user or by role) so you don't have to redeploy if the access definition changes.
using System.Web.Security;   // Roles
using WebMatrix.WebData;     // WebSecurity

public static class AuthorizeContent
{
    // Returns true when the current user, or one of the user's roles,
    // has been granted access to the named content in the database.
    public static bool AuthorizeAccessContent(string Content)
    {
        DBContext db = new DBContext();
        string[] RolesUser = Roles.GetRolesForUser(WebSecurity.CurrentUserName);
        // Grants by role
        foreach (AuthorizedContentRole aut in db.AuthorizedContentRole)
        {
            foreach (string rol in RolesUser)
            {
                if (aut.Role == rol && aut.Content == Content)
                {
                    return true;
                }
            }
        }
        // Grants by user name
        foreach (AuthorizedContentUser aut in db.AuthorizedContentUser)
        {
            if (aut.UserName == WebSecurity.CurrentUserName && aut.Content == Content)
            {
                return true;
            }
        }
        return false;   // no matching grant: deny
    }
}
In the cshtml:
@if (AuthorizeContent.AuthorizeAccessContent(Content))
{
    <li class="two">
        <h5>Administrator link</h5>
        @Html.ActionLink("Admin secret info", "Index", "Information")
    </li>
}
You could also use a filter like [AccionAuthorize(Action="MyContent")]:
using System.Web.Mvc;

public class AccionAuthorizeAttribute : AuthorizeAttribute
{
    // Name of the content entry to look up in the authorization tables
    public string Action { get; set; }

    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Reject anonymous requests, then requests with no matching grant
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpUnauthorizedResult();
        else if (!AuthorizeContent.AuthorizeAccessContent(Action))
            filterContext.Result = new HttpUnauthorizedResult();
        base.OnAuthorization(filterContext);
    }
}