0

I have a site with links throughout it for performing actions. Some need to be hidden if the user is not in the admin role. I am doing checking on the backend just in case someone types in the URL directly, etc., but is it enough to have this in the Razor view?

<ul>
<li>Home</li>
<li>Items</li>
@if (User.IsInRole("Admin")) {
    <li>Users</li>
}
</ul>
the-a-train

2 Answers

5

Yep, that is sufficient.

Or, as I found in another post which I used lately:

public static MvcHtmlString If(this MvcHtmlString value, bool evaluation)
{
     return evaluation ? value : MvcHtmlString.Empty;
}

so you can use this:

@Html.ActionLink("Create New", "Create").If(User.IsInRole("Admin"))

However, if you are using links to other pages which you need to prevent users from accessing when not in a specific role, you should also include the Authorize attribute in the controllers you want to prevent them from accessing:

public class HomeController : Controller
{
    [Authorize(Roles="Admin")]
    public ActionResult Index()
    { 
        return View();
    }
} 
Rody
0

Yes. Also add the attribute to the respective method in your controller to prevent manual calls:

[Authorize( Roles = "Admin" )]
Cheburek
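Both answers depend on `[Authorize]` actually being present on every action whose link the view hides. The following is an added example, not code from either answer: a reflection check that lists controller actions carrying neither `[Authorize]` nor `[AllowAnonymous]`. It assumes ASP.NET MVC 4 or later is referenced; the two sample controllers and the `AuthorizeAudit` class are hypothetical names constructed for the illustration.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Web.Mvc; // assumption: ASP.NET MVC 4 or later is referenced
// Constructed sample controllers (hypothetical, for illustration only).
public class UsersController : Controller
{
    [Authorize(Roles = "Admin")]
    public ActionResult Index() { return View(); }
    // The view hides this link from non-admins, but a direct request still reaches it.
    public ActionResult Delete(int id) { return RedirectToAction("Index"); }
}

[AllowAnonymous] // deliberately public
public class ItemsController : Controller
{
    public ActionResult Index() { return View(); }
}

public static class AuthorizeAudit // hypothetical helper name
{
    // Lists "Controller.Action" for each public action with neither [Authorize]
    // nor [AllowAnonymous] on the method or its controller. Simplification: only
    // methods declared on the controller and returning ActionResult are examined.
    public static string[] FindUndecorated(Assembly asm)
    {
        return asm.GetTypes()
            .Where(t => typeof(Controller).IsAssignableFrom(t))
            .SelectMany(t => t.GetMethods(
                BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            .Where(m => typeof(ActionResult).IsAssignableFrom(m.ReturnType))
            .Where(m => !m.IsDefined(typeof(NonActionAttribute), true))
            .Where(m => !HasDecision(m) && !HasDecision(m.DeclaringType))
            .Select(m => m.DeclaringType.Name + "." + m.Name)
            .ToArray();
    }

    // True when an explicit access decision is attached to the method or type.
    private static bool HasDecision(MemberInfo member)
    {
        return member.IsDefined(typeof(AuthorizeAttribute), true)
            || member.IsDefined(typeof(AllowAnonymousAttribute), true);
    }

    public static void Main()
    {
        foreach (var name in FindUndecorated(typeof(AuthorizeAudit).Assembly))
            Console.WriteLine("No [Authorize] or [AllowAnonymous]: " + name);
    }
}
```

An `AuthorizeAttribute` registered as a global filter is not visible to this check, so treat its output as a list of actions to review rather than a verdict.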