开发者

Strategies for selective rendering of views based on authorization in ASP.NET MVC?

I can do authorization easily on the controller actions using the Authorization attribute. But how do I render views as easily as using Authorization attribute?

For example, if I have a menu and the user is unauthorized for certain menus, how would I hide those menu items?

Let's say I have a page that renders a table with add/edit/de开发者_如何学Pythonlete links. I have controller actions that correspond to those links and so the unauthorized user cannot perform those actions. But I'd like to go further by hiding them altogether.

What I have now is a spaghetti of a mess that checks for user permissions in the view - whole bunch of <% if (user.hasPermission(..) { %> ... <% } %>. It's unruly.

What strategies are there to mitigate this mess? Certainly I can't be the first one to have run into this dilemma.


I think a "security trimming" ActionLink helper would solve your problem nicely:

"Security aware" action link?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜