6

I'm looking for the standard practice in specifying that a certain HTML element, like a "Create user" button should only be displayed when the user is logged-in and belongs to the role "Administrator."

For example, using Spring MVC in Java, the Spring Security tag library has a control that does just that:

<sec:authorize access="hasRole('ROLE_PRESIDENT')">
    <input type="button" value="Launch nuclear weapons"/>
</sec:authorize>

Whatever appears between the tags will only display when the user belongs to the role specified.

Does ASP.NET MVC have such feature?

Improve this question

3 Answers 3

Reset to default
5

For Razor view engine:

@if (User.IsInRole("ROLE_PRESIDENT")) {
    <input type="button" value="launch nuclear weapons" />
}

For Webforms view engine:

<% if (User.IsInRole("ROLE_PRESIDENT")) { %>
    <input type="button" value="launch nuclear weapons" />
<% } %>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

If you need element level security across your site, I suggest you create custom HtmlHelpers per element that all implement your security rules for rendering.

Note: wrapping if statements with role checks all over your views will not be maintainable

Improve this answer

2 Comments

agreed, it seems to be the closest equivalent to the Spring MVC code in the question (not that I know Spring MVC) though
Do you mean the HtmlHelper should check whether the user is authorized to complete the action? It should then decide whether to render an HTML object or not, I assume?
0

@If User.IsInRole("Administrator") Then 'whatever end if

something like should work

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.