0

How can I enable or disable the add/edit/delete action links in an ASP.NET MVC Razor view based on the user's roles? I have tried the following, but it does not seem to work when the user role is updated.

If I update the user role, the updated value is not refreshed. It still works with the old value. How can I resolve this issue?

```csharp
if (User.IsInRole("Admin")) { }
```
3
  • What have you tried? Show some code. What error did you get? Razor view or webforms? Have a look at stackoverflow.com/questions/how-to-ask Commented Jun 23, 2014 at 6:05
  • @Sascha Just wrap "ask" in angle brackets: [ask] or [faq]. This does the same (but without my code formatting) How to Ask; faq Commented Jun 23, 2014 at 6:08
  • @Serv Thanks, did not know this Commented Jun 23, 2014 at 6:13

3 Answers

1

In your view, check for the following:

```cshtml
@{
    // Replace Admin with your administrator role
    if (User.IsInRole("Admin"))
    {
        // <text> switches back to markup so the "|" separators are output, not parsed as C#
        <text>
            @Html.ActionLink("Edit", "Edit", new { id = item.ID }) |
            @Html.ActionLink("Details", "Details", new { id = item.ID }) |
            @Html.ActionLink("Delete", "Delete", new { id = item.ID })
        </text>
    }
}
```

With this, only administrators can see what's inside the code block, but this does not mean users could not manually enter the URL in the browser. It is still reachable. You should probably secure your controllers / action methods as well:

```csharp
using System.Web.Mvc; // AuthorizeAttribute for MVC controllers lives here

[Authorize(Roles = "Admin, SuperModerator")]
public ActionResult GetMeSomething()
{
    /* ... */
}
```

1

Create a controller base and override the OnActionExecuting method as follows:

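```csharp
using System.Web.Mvc;

public class ControllerBase : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Make the role check available to every view rendered by a derived controller
        ViewBag.IsAdmin = User.IsInRole("Admin");
        base.OnActionExecuting(filterContext);
    }
}
```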

In your view's controller, be sure to derive from ControllerBase:

```csharp
public class HomeController : ControllerBase
{
    // ...
}
```

Finally, in your view, use the ViewBag's IsAdmin property:

```cshtml
@if (ViewBag.IsAdmin == true)
{
    <li>@Html.ActionLink("Home Page", "Index", "Home")</li>
}
```

The upside of this approach is that it works on every page. The downside is that you have to make every page derive from ControllerBase. That's not necessarily a bad thing because it sets you up to have default controller functionality in every controller.


0

I used to write my own custom HTML helper, which renders the link only if the user is in a specific role:

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Mvc.Html;   // ActionLink extension methods
using System.Web.Routing;    // RouteValueDictionary

public static class LinkExtensions
{
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(), new RouteValueDictionary(), showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary(), showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(), new RouteValueDictionary(), showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, new RouteValueDictionary(), showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes), showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes, showActionLinkAsDisabled);
    }

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes, bool showActionLinkAsDisabled = false)
    {
        return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes), showActionLinkAsDisabled);
    }

    // All overloads above end up here
    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes, bool showActionLinkAsDisabled)
    {
        if (htmlHelper.ActionAuthorized(actionName, controllerName))
        {
            return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
        }
        else
        {
            // Not authorized: both branches render nothing
            if (showActionLinkAsDisabled)
            {
                return MvcHtmlString.Empty;
            }
            else
            {
                return MvcHtmlString.Empty;
            }
        }
    }
}
```

Here is the ActionAuthorized() definition:

```csharp
using System.Web.Mvc;

public static class ActionExtensions
{
    public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
    {
        // GetControllerByName is another helper that is not shown in this answer
        ControllerBase controllerBase = string.IsNullOrEmpty(controllerName)
            ? htmlHelper.ViewContext.Controller
            : htmlHelper.GetControllerByName(controllerName);

        ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerBase);
        ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
        ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);

        // Unknown action: treat as not authorized
        if (actionDescriptor == null)
            return false;

        FilterInfo filters = new FilterInfo(FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor));

        // The decision comes from the database lookup in CheckAccessRight
        return htmlHelper.CheckAccessRight(actionName, controllerDescriptor.ControllerName);
    }
}
```

And here I check from the database whether the user is in the role:

```csharp
// Extension method: it has to be declared inside a static class, like the helpers above.
// Needs: using System; using System.Linq; using System.Web; using System.Web.Mvc;
public static bool CheckAccessRight(this HtmlHelper htmlHelper, string Action, string Controller)
{
    if (HttpContext.Current.Session["userId"] != null)
    {
        string userID = HttpContext.Current.Session["userId"].ToString();
        using (var db = new cloud_clinicEntities())
        {
            assignment objAss = null;
            if (HttpContext.Current.Session["AccountType"].ToString() == "lab")
            {
                objAss = db.assignments.SingleOrDefault(model => model.userid == userID);
            }
            else
            {
                objAss = db.assignments.SingleOrDefault(model => model.employeeId == userID);
            }

            // SingleOrDefault returns null when the user has no assignment row
            if (objAss == null)
            {
                return false;
            }

            String UserRole = objAss.itemname;
            // A right is stored as "<Controller> <Action>" under the role
            itemchildren objChild = db.itemchildrens.SingleOrDefault(model => model.parent == UserRole && model.child == Controller + " " + Action);
            return objChild != null;
        }
    }
    else
    {
        return false;
    }
}
```

And use it in the view like this:

```cshtml
@Html.ActionLinkAuthorized("Create New", "Create", new { org = ViewBag.OrgBranchID }, new { @id = "linkCreateEmployee" }, true)
```

Now this action link will only render if the user is in the role, otherwise not.
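An added example, not part of any answer above: an authorization filter that applies the per-action lookup from the last answer when the action itself runs, so a URL typed into the browser is rejected even though its link was hidden, which is the gap the first answer points out. `AccessRightAuthorizeAttribute`, the `HasRight` delegate and `EmployeeController` are hypothetical names; the session keys are the ones read by `CheckAccessRight`.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example: the right that hides the link is also checked when the action runs.
public class AccessRightAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical hook: (userId, accountType, "Controller Action") -> allowed.
    // Assign it at application start to the same query CheckAccessRight runs;
    // until then every request is denied.
    public static Func<string, string, string, bool> HasRight = (user, type, right) => false;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        // Same session keys as CheckAccessRight; a missing value means deny.
        HttpSessionStateBase session = httpContext.Session;
        if (session == null || session["userId"] == null || session["AccountType"] == null)
            return false;

        // Names come from this request's route data (filter instances are shared
        // between requests). They carry the URL's casing, so compare ignoring case.
        var route = httpContext.Request.RequestContext.RouteData;
        string right = route.GetRequiredString("controller") + " " + route.GetRequiredString("action");

        // Evaluated on every request rather than cached in the filter.
        return HasRight(session["userId"].ToString(), session["AccountType"].ToString(), right);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        HttpSessionStateBase session = filterContext.HttpContext.Session;
        if (session != null && session["userId"] != null)
            filterContext.Result = new HttpStatusCodeResult(403); // known user, no right
        else
            base.HandleUnauthorizedRequest(filterContext);        // unknown user: 401
    }
}

// Hypothetical controller: the filter covers the GET form and the POST alike.
[AccessRightAuthorize]
public class EmployeeController : Controller
{
    public ActionResult Create() { return View(); }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Create(FormCollection form) { return RedirectToAction("Index"); }
}
```

With the filter on the controller, `ActionLinkAuthorized` stays a display convenience and the decision that matters is made per request on the server.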
