
I created an MVC project in .NET for school and used this code to only show certain parts of my view to certain users with the specified role.

```csharp
public ActionResult About()
{
    if (User.IsInRole("Begeleider"))
    {
        var client = new WebClient();
        var jsonLeerlingen = client.DownloadString(new Uri("http://localhost:8080/projecten/api/leerlingen"));
        var leerlingen = Newtonsoft.Json.JsonConvert.DeserializeObject<IEnumerable<Leerling>>(jsonLeerlingen);
        ViewBag.Message = leerlingen;
    }
    return View();
}
```

This works when I log in with the user that has the role 'Begeleider' but when I click the button in the nav I get an error in my cshtml. Which is logical since I call the code here but can't reach it when I'm not logged in with the right role. But how do I fix it then?

```cshtml
@{
    ViewBag.Title = "Evaluaties";
    var leerlingen = (List<ASPNetMVCExtendingIdentity2Roles.Domain.Leerling>)ViewBag.Message;
}
<h2>@ViewBag.Title.</h2>
<h4>Leerlingen</h4>
<table>
@foreach (var leerling in leerlingen)
{
    <tr>
        <td>@leerling.Naam</td>
        <td>@leerling.Email</td>
    </tr>
}
</table>
<h4>Evaluaties</h4>
@* Here shall be the same code as above but for a Leerling himself he'll only be able to see himself and his own Evaluation (Evaluatie). Haven't figured it out yet. *@
```

This is the nav; the last li is the one that shouldn't be visible to users who are not logged in.

```cshtml
<div class="navbar-collapse collapse">
    <ul class="nav navbar-nav">
        <li>@Html.ActionLink("Home", "Index", "Home")</li>
        <li>@Html.ActionLink("Roles", "Index", "Roles")</li>
        <li>@Html.ActionLink("Evaluaties", "About", "Home")</li>
    </ul>
    @Html.Partial("_LoginPartial")
</div>
```
Burst of Ice

2 Answers


I found an answer like this, so only when you are logged in can you see the list item:

```cshtml
<div class="navbar-collapse collapse">
    <ul class="nav navbar-nav">
        @if (Request.IsAuthenticated)
        {
            <li>@Html.ActionLink("Home", "Index", "Home")</li>
            <li>@Html.ActionLink("Roles", "Index", "Roles")</li>
            <li>@Html.ActionLink("Evaluaties", "About", "Home")</li>
        }
        else
        {
            <li>@Html.ActionLink("Home", "Index", "Home")</li>
            <li>@Html.ActionLink("Roles", "Index", "Roles")</li>
        }
    </ul>
    @Html.Partial("_LoginPartial")
</div>
```
Burst of Ice

Use the authorization attribute for the action method:

```csharp
// you may use it without role name: [Authorize]
[Authorize(Roles = "Begeleider")]
public ActionResult About()
{
    var client = new WebClient();
    var jsonLeerlingen = client.DownloadString(new Uri("http://localhost:8080/projecten/api/leerlingen"));
    var leerlingen = Newtonsoft.Json.JsonConvert.DeserializeObject<IEnumerable<Leerling>>(jsonLeerlingen);
    ViewBag.Message = leerlingen;

    return View();
}
```

If you want to hide the link for users not in the role, use:

```cshtml
if(User.IsInRole("Evaluaties")){
<li>@Html.ActionLink("Evaluaties", "About", "Home")</li>
}
```
LazZiya
  • Evaluaties is not a role but if I use the role Begeleider I get an error: _An exception of type 'System.NullReferenceException' occurred in App_Web_tdbnlmww.dll but was not handled in user code Additional information: De objectverwijzing is niet op een exemplaar van een object ingesteld._ – Burst of Ice Aug 25 '16 at 13:26
  • And the first part of what you sent, I don't think I can use it since another role has a different view. It's not yet finished because it'll need only 1 Leerling and 1 evaluatie with different localhost links, but this is what I now have: `if (User.IsInRole("Begeleider")) { same code as above } if (User.IsInRole("Leerling")) { same code, but will change later }` – Burst of Ice Aug 25 '16 at 13:28
  • Can't use `if(User.IsInRole("Evaluaties")){...` in my .cshtml, it'll just be text – Burst of Ice Aug 25 '16 at 13:48
  • If you have two or more roles and want them to access the same method, you just need to separate them by "," like this: [Authorize(Roles="role1, role2, roleN")] – LazZiya Aug 25 '16 at 14:59
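
Added example, not part of the original posts: hiding the nav link only changes what is displayed, so the action itself should enforce the roles and always hand the view a non-null list. The `Leerling` class shape, the `HomeController` name (inferred from the `ActionLink` calls) and the rule that a Leerling's login name equals their e-mail address are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web.Mvc;
using Newtonsoft.Json;

// Assumed shape of the Leerling class (only Naam and Email appear in the view).
public class Leerling
{
    public string Naam { get; set; }
    public string Email { get; set; }
}

public class HomeController : Controller
{
    // URL taken from the question.
    private const string LeerlingenUrl = "http://localhost:8080/projecten/api/leerlingen";

    // Server-side gate: anonymous users and users in neither role never reach the body,
    // even if they type /Home/About directly instead of clicking a link.
    [Authorize(Roles = "Begeleider,Leerling")]
    public ActionResult About()
    {
        List<Leerling> all;
        using (var client = new WebClient())
        {
            var json = client.DownloadString(new Uri(LeerlingenUrl));
            all = JsonConvert.DeserializeObject<List<Leerling>>(json) ?? new List<Leerling>();
        }

        // Begeleider sees everyone; Leerling sees only their own row.
        // Assumption: the login name equals the Leerling's e-mail address.
        var visible = User.IsInRole("Begeleider")
            ? all
            : all.Where(l => string.Equals(l.Email, User.Identity.Name,
                                           StringComparison.OrdinalIgnoreCase)).ToList();

        // Always a non-null List<Leerling>, so the view's cast and foreach cannot hit null.
        ViewBag.Message = visible;
        return View();
    }
}

// In the layout (Razor), the matching link guard needs the @ prefix to run as code:
//   @if (User.IsInRole("Begeleider") || User.IsInRole("Leerling"))
//   {
//       <li>@Html.ActionLink("Evaluaties", "About", "Home")</li>
//   }
```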