
Allow users with roles to access controller methods dynamically. I have a typical scenario where I want to allow users to access the pages dynamically, as the privilege set for each role can be changed through a user interface. I have three action results:

Controller:

using System.Web.Mvc;

public class HomeController : Controller
{
    // All three actions are currently restricted to the Admin role.
    [CustomAuthorize(Roles = "Admin")]
    public ActionResult UI01()
    {
        return View();
    }

    [CustomAuthorize(Roles = "Admin")]
    public ActionResult UI02()
    {
        return View();
    }

    [CustomAuthorize(Roles = "Admin")]
    public ActionResult UI03()
    {
        return View();
    }
}

View: I hide the menu items by checking the admin role.

@*menu items*@
@if (Roles.IsUserInRole("Admin")) {
  <li>@Html.ActionLink("Rating", "UI01", "Home")</li>
}
@if (Roles.IsUserInRole("Admin")) {
  <li>@Html.ActionLink("Map", "UI02", "Home")</li>
}
@if (Roles.IsUserInRole("Admin")) {
  <li>@Html.ActionLink("Sales", "UI03", "Home")</li>
}

Authorize attribute class:

using System.Web.Mvc;
using System.Web.Routing;

public class CustomAuthorize : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Anonymous user: keep the default behaviour (401 / login redirect).
            base.HandleUnauthorizedRequest(filterContext);
        }
        else
        {
            // Signed in but not allowed: send the user to the error page.
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Account", action = "Error" }));
        }
    }
}

I have a separate module to assign privileges to the users to access UI01, UI02 and UI03, as follows.

    Page name   Admin   Employee  Customer
------------------------------------------------
    Rating      1         0         0
    Map         1         0         0
    Sales       1         0         0

    *1-allow
    *0-Deny access

Currently all three UIs allow only the Admin role. But I need to set access to the controller methods dynamically, according to the privileges set in the above UI.

Edit: I have created a CustomAuthorize attribute for each page/action result and got the result successfully using the method in this link: "asp.net mvc decorate [Authorize()] with multiple enums".

But my problem now is to hide the menus in the layout (view) page.

gs11111

1 Answer


At the moment you're assigning privileges to "groups" of users. It might be easier to assign the privileges to the individual users using something more like:

public class HomeController : Controller
{
    [CustomAuthorize(Roles="Rating")]
    public ActionResult UI01(){
        return View();
    }

    [CustomAuthorize(Roles="Map")]
    public ActionResult UI02(){
        return View();
    }

    [CustomAuthorize(Roles="Sales")]
    public ActionResult UI03(){
        return View();
    }
}

And the UI would look like:

@*menu items*@
@if (Roles.IsUserInRole("Rating")) {
  <li>@Html.ActionLink("Rating", "UI01", "Home")</li>
}

@if (Roles.IsUserInRole("Map")) {
  <li>@Html.ActionLink("Map", "UI02", "Home")</li>
}

@if (Roles.IsUserInRole("Sales")) {
  <li>@Html.ActionLink("Sales", "UI03", "Home")</li>
}

You could then create an admin page to assign the roles to users. Using code like:

System.Web.Security.Roles.AddUserToRole("MyUserName", "Rating");
Lee Gunn
  • Thank you for your time, I don't get it. Can you please brief it: how can I get values to Roles("Rating") dynamically? – gs11111 Jul 11 '14 at 09:12
  • You can create an admin page and use: `Roles.AddUserToRole("MyUserName", "Rating");` – Lee Gunn Jul 11 '14 at 09:50
  • I have predefined roles called 'Admin', 'Employee' and 'customer'. Currently users having Admin privilege can access all the UIs since '1' is set. Admin access can be restricted if I change Sales to '0'. – gs11111 Jul 11 '14 at 10:03
  • I was suggesting you could add new Roles (Rating, Map & Sales) and assign these to individual users but maybe this doesn't suit your needs. If you want to assign Privileges to Roles (e.g. Rating to Employee) then you'll have to write a fair bit of custom code. – Lee Gunn Jul 11 '14 at 10:38
  • I suppose you could have an admin page that loops over all users in a particular role (e.g. Employee) and adds the privileges (e.g. Rating - just another role) to each user. – Lee Gunn Jul 11 '14 at 10:40
  • According to my functionality, I cannot decide whether to add a user to a particular group role since the privilege for a role is dynamic. :( – gs11111 Jul 11 '14 at 11:23
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/57149/discussion-between-gs11111-and-lee-gunn). – gs11111 Jul 11 '14 at 11:24
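
One way to drive both the action filter and the layout menu from the same page/role matrix, as an added example that is not code from the question or the answer. `PagePermissions`, `Replace`, `IsAllowed` and `PageAuthorizeAttribute` are hypothetical names, and the in-memory map is an assumed stand-in for wherever the privilege UI stores its table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;

// Hypothetical holder for the page/role matrix from the question. The literal
// below mirrors the table shown there; in practice Replace() would be fed from
// wherever the privilege UI saves its data.
public static class PagePermissions
{
    // Replaced as a whole on every change, so readers never see a half-updated map.
    private static volatile Dictionary<string, string[]> _allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Rating", new[] { "Admin" } },
            { "Map",    new[] { "Admin" } },
            { "Sales",  new[] { "Admin" } },
        };

    // Call after the privilege UI saves: page name -> roles whose cell is 1.
    public static void Replace(IDictionary<string, string[]> matrix)
    {
        _allowed = new Dictionary<string, string[]>(matrix, StringComparer.OrdinalIgnoreCase);
    }

    // Deny by default: anonymous users and pages missing from the matrix get false.
    public static bool IsAllowed(IPrincipal user, string page)
    {
        if (user == null || page == null || !user.Identity.IsAuthenticated) return false;
        string[] roles;
        return _allowed.TryGetValue(page, out roles) && roles != null
            && roles.Any(user.IsInRole);
    }
}

// Derives from the question's CustomAuthorize so its Account/Error redirect still
// applies. Usage: [PageAuthorize("Rating")] on UI01, "Map" on UI02, "Sales" on UI03.
public class PageAuthorizeAttribute : CustomAuthorize
{
    private readonly string _page;
    public PageAuthorizeAttribute(string page) { _page = page; }

    // Evaluated on every request, so a change in the matrix takes effect immediately.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return PagePermissions.IsAllowed(httpContext.User, _page);
    }
}
```

In the layout, `@if (PagePermissions.IsAllowed(User, "Rating")) { ... }` can wrap each menu item so the menu and the filter read the same data. Hiding the link is cosmetic; the attribute on the action is what enforces access.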