Search code examples
asp.netasp.net-membershiprolesadministratoruserid

Detecting is a user is an administrator (or any type) per page, asp.net mvc default membership provider


I'm building a web application, and I would like to make certain functions on the front end visible when a user is logged in as an administrator.

I am using the default membership provider, but I have an extension table called userFields which i use for storing user settings.

I have just added a UserType field to this table, and am now considering how will be best to pick this up on the pages.

I don't really want to have to add extra code to each controller method to get this information out of the db, and pass it through.

Is there a better way to do this, either using the built in roles settings in asp.net membership, OR is there a cool way I can expose this information from my db, in the same way user.identity.name works or (User.Identity.Name).ProviderUserKey;


Solution

  • As long as you are using the standard authentication method that places the user object in the context it shouldn't be too hard. In your view, use Html.RenderPartial and the appropriate controller to accomplish what you want like this...

    /Home/Index View:

    <div id="menu">
    <ul>
    <li>Page 1</li>
    <li>Page 2</li>
    <% Html.RenderPartial("/Home/AdminView"); %>
    </ul>
    </div>
    

    /Home/Admin View:

    <li>Admin 1</li>
    <li>Admin 2</li>
    

    /Shared/Empty View:

    <!--Empty view for non-viewable admin stuff-->
    

    /Home Controller:

    public ActionResult AdminView()
    {
      //Check if user is admin
      //This should be your own logic... I usually have a few static methods that the 
      //Users or User object has to assist with checking
      if (Models.User.IsAdmin(HttpContext.User.Identity.Name))
      {
        return View();
      }
      else
      {
        return View("Empty");
      }
    }
    

    That should work... It's how I do it. If it's wrong, hopefully someone smarter posts a better answer so we can both learn

    EDIT:

    Just thought of something else... If your user object implements IPrincipal, you could extract it from the context, cast it to your user type and have the information right in the user class...

    Kind of like this

    class User : IPrincipal
    {
      //Implement IPrincipal stuff
      public string Role { get; set; }
    }
    

    Then the admin view logic could look like this:

    public ActionResult AdminView()
    {
      //Check if user is admin
      //This should be your own logic... I usually have a few static methods that the 
      //Users or User object has to assist with checking
      if ( ((Model.User)HttpContext.User).Role =="Admin" )
      {
        return View();
      }
      else
      {
        return View("Empty");
      }
    }