2

I've set up ASP.NET Identity 2 in my MVC app to authorize users for both standard pages and Web API calls. Simply adding the [Authorize] attribute (with a few fixes) works just fine for preventing unauthorized access, but I also need the ability to get the current IPrinicple in the same way that I would use User.Identity in my MVC views and controllers. There are some things I can accomplish by using it in my views and controllers before they are handed off to Angular, but I also need to be able to read this value for things like creating menus based on the current user's role.

I've considered reading the ASP.NET Idenity cookies, but this requires decryption of the cookie, which I obviously won't be able to accomplish on the client side without revealing the decryption key.

Is there a way to pass off the User.Identity to Angular.js in a way that's consumable by the client side code?

Community
  • 1
  • 1
Stephen Collins
  • 3,523
  • 8
  • 40
  • 61
  • 1
    Why don't you let the server vià web api (or similar) let angularJS know what menus should be rendered? I don't think it is a good design if the GUI layer needs to decide things accoring to user roles. This should be decided on a lower level, IMO. – sl3dg3 Sep 02 '14 at 13:44
  • Well I'm not exactly letting the GUI itself determine what items to show; It's in a configuration service. But that does give me an idea: Maybe creating an `[Authorize]`d Web API call to return the current user... – Stephen Collins Sep 02 '14 at 13:46
  • @StephenCollins I think that you asked yourself. Add a controller action that returns a UserModel with the properties that you wish, to the client. Obviously with the [Authorize] attribute. – Xavier Egea Sep 02 '14 at 21:12

0 Answers0