Authorization in Asp.Net MVC

6

I'll try to be clear.

In most instances of authentication and authorization of access in ASP.NET MVC, I see that the authorization control is usually done in Controller , with the decoration of the class itself inherited from Controller , or even by decoration of the Actions with attribute Authorize . With this in practice, all items contained within my view attached to this Action will be on the same authorization level.

The question is: Is there any elegant way to make a component of my view change rule according to Role of user?

Simple example: One button appears only for users of type Administrator, something very specific.

I thought of something like, passing the user access level to a viewbag and making a condition to display the example button with Razor , I do not know if this solution would be the most appropriate. Is there any more elegant way?

    
asked by anonymous 24.11.2015 / 19:16

1 answer

7
  

Is there any elegant way to make a component of my view change rule according to the Role

Yes:

@if (User.IsInRole("Administradores")) { ... }

It may be necessary to type RoleProvider or enable ASP.NET Identity Roles support, which is not enabled by default.

  

I thought of something like, pass the user access level in a viewbag and make a condition to display or not the example button with Razor, I do not know if this solution would be the most appropriate.

This is the bad way to do it, and also the hardest one.

    
24.11.2015 / 19:21