Disable input fields in MVC view for role-based authorization using ASP.net identifier

Question

Disable input fields in MVC view for role-based authorization using ASP.net identifier

I overridden the AuthorizeAttribute class for role-based authorization in our MVC application.

[HttpPOST] [CustomAuthorize(Roles = "AddCOA")] public ActionResult Edit([Bind(Include = "N100,S104,S103,S101,S1,S100,D1")] TrM trM) { if (ModelState.IsValid) { db.Entry(trM).State = EntityState.Modified; db.SaveChanges(); return RedirectToAction("View",trM); } return View(trM); }

I call this controller method from the view with a list of vouchers. Now I need to disable the Change ActionLink button for a specific role , How can i do this?

 @Html.Actionlink("Edit", "Edit", "Controller", new{@class = "btn btn-success"})

Now it automatically redirects the view to the login page.

+4

javascript c # asp.net-mvc asp.net-identity

geekowls Aug 08 '15 at 6:30

source share

2 answers

Method 1:

You can handle it on the server side using your own ActionLink extension, which checks if there will be a link to edit the user link based on the role:

 public static class LinkExtensions { public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(), new RouteValueDictionary()); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary()); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(), new RouteValueDictionary()); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, new RouteValueDictionary()); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, object routeValues, object htmlAttributes) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes)); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, null, routeValues, htmlAttributes); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes) { return htmlHelper.ActionLinkAuthorized(linkText, actionName, controllerName, new RouteValueDictionary(routeValues), new RouteValueDictionary(htmlAttributes)); } public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes) { if (UserInRole()) // your business logic here for role check { return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes); } return MvcHtmlString.Empty; } }

and use it in the view:

 @Html.ActionLinkAuthorized("Edit", "Edit", "Controller", new{@class = "btn btn-success"})

Method 2:

You can change your custom attribute code to redirect to a page that displays a user that he / she is unauthorized to view this page:

 public class AuthorizationAttribute : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { string actionName = filterContext.ActionDescriptor.ActionName; string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; if (!AllowedToAccess()) // if not in specific role show page with message that user is unauthorized to view this page { string redirectUrl = string.Format("?returnUrl={0}", filterContext.HttpContext.Request.Url.PathAndQuery); filterContext.HttpContext.Response.Redirect(FormsAuthentication.LoginUrl + redirectUrl, true); } else { base.OnActionExecuting(filterContext); if authorized user allow it to view } }

and in Web.Config set the url for this action, which is called when the user is not in the role:

 <authentication mode="Forms"> <forms loginUrl="~/UnAuthorized" timeout="2880" /> </authentication>

+2

Ehsan sajjad Aug 08 '15 at 6:47

source share

alisabzevari · Accepted Answer · 2015-08-08T06:47:36+0000

You can use a razor to check if the current user is in the specified role or not:

 @if (User.IsInRole("AddCOA")) { @Html.Actionlink("Edit", "Edit", "Controller", new { @class = "btn btn-success" }) } else { @Html.Actionlink("Edit", "Edit", "Controller", new { @class = "btn btn-success disbled" }) }

Disable input fields in MVC view for role-based authorization using ASP.net identifier

Method 1:

Method 2:

More articles: