7

Is there a possibility to hand over the Result of the Authorize-Attribute to the View?

Let's assume I want to hide 5 links in my Index view based on the memberships of a User.

[Authorize(Roles = "Admin")]
public ActionResult Index(){
    ....
}

The code above will prevent all users that are not part of the Admin-Group from visiting the Index page.

@{
    if(User.IsInRole("Admin")){
        <a href="#">Some link to be hidden</a>
    }
}

This code will hide the link if the User is not part of the Admin role. This is basically what I want BUT using this method I have to change the role name on every hidden link if the role would change.

Isn't there something like a combination of both? (Schema see below)

[Authorize(Roles = "Admin")] //This will pass true to the View if the User is a member of the group "Admin"
public ActionResult Index(){
    ....
}

@{
    if(User.IsAuthenticated){ //This will read the "Token" and if it's true the if statement will get executed.
        <a href="#">Some link to be hidden</a>
    }
}

So - if the User is in Role "Admin" the link will be shown. Is this possible?

1 Answer

5

You could use ViewBag and ViewData among other things, but I'd suggest passing a model back to the view with properties indicating whether to display the links or not.

public class YourViewModel
{
    public bool ShowHiddenLinks { get; set; }
    // ... whatever other properties
}

In your controller you'd then do:

[Authorize(Roles = "Admin")] 
public ActionResult Index()
{
    var yourVm = new YourViewModel();
    yourVm.ShowHiddenLinks = true;

    return View(yourVm);
}

And your view becomes:

@model YourViewModel

@* ShowHiddenLinks is true & this view is meant for admins only,
   so show admin-related links *@
@if (Model.ShowHiddenLinks)
{
    <a href="#">Some link to be hidden</a>
}

I've named the viewmodel property ShowHiddenLinks on purpose, so that it becomes re-usable for views meant for other users as well. You can of course extend the viewmodel to feature properties for other roles (e.g. a view which is accessible by admins and moderators, each with their own distinct set of hidden links), or create one viewmodel per role—it all depends on the scenario.

4 Comments

So there is no possibility to connect the Attribute with the if Statement in the view?
You say you want to "pass true to the View if the User is a member of the group "Admin"". This is exactly what a viewmodel does—passing data to act upon back to the view.
Sorry for that, the question wasn't 100% clear - The question was about connecting the Authorize-Attribute with role-based Links in the View. Sure the VM approach is not that bad but if it would be possible to just say "hey you action, everybody can access you but some content should be restricted to the roles I mentioned in the "Authorize"-Attribute (or something similar)
No. You could create a custom ActionFilterAttribute that interrupts the response stream and modifies the output (random example here), but that is over-engineering and ill-suited for this scenario. A viewmodel is a good candidate for what you're after—simple and clean. As for "hey you action, everybody can access you but some content should be restricted to the roles", partial views are great candidates for this.
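
An added example (not code from the question or the answer) that combines the view-model approach with a single role constant, assuming ASP.NET MVC 5 (System.Web.Mvc); RoleNames, DashboardViewModel, DashboardController and ManageUsers are hypothetical names. The page is open to every signed-in user, the flag is computed once from the user's role, and the action behind the hidden link keeps its own [Authorize] check, because hiding a link in the view does not restrict access to its target.

```csharp
using System.Web.Mvc;

// Hypothetical names throughout: RoleNames, DashboardViewModel, DashboardController.
public static class RoleNames
{
    // const, so it is valid as an attribute argument; rename the role here only.
    public const string Admin = "Admin";
}

public class DashboardViewModel
{
    public bool ShowAdminLinks { get; set; }
}

[Authorize] // any signed-in user may open the page
public class DashboardController : Controller
{
    public ActionResult Index()
    {
        // The role decision is made once, server-side; the view only reads the flag.
        var vm = new DashboardViewModel
        {
            ShowAdminLinks = User.IsInRole(RoleNames.Admin)
        };
        return View(vm);
    }

    // Hiding the link is presentation only. The action behind the link
    // enforces the same role, so a hand-typed URL is still rejected.
    [Authorize(Roles = RoleNames.Admin)]
    public ActionResult ManageUsers()
    {
        return View();
    }
}

// In Index.cshtml (Razor), the view never mentions a role name:
//   @model DashboardViewModel
//   @if (Model.ShowAdminLinks)
//   {
//       <a href="@Url.Action("ManageUsers")">Manage users</a>
//   }
```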
