views:

260

answers:

1

Maybe I'm approaching this the wrong way and should be doing everything in action filters, in which case please point me in the right direction!

I'm setting up my ASP.NET MVC application so that the one HomeController Index action delivers two different types of content, like so:

if(Request.IsAuthenticated)
  return View("IndexRegistered");
else
  return View("IndexGuest");

This is fine but say I want to split it into three so Administrator members get their own page...

if(Request.IsAuthenticated)
{
  if( /* user is a member of administrators */)
    return View("IndexAdministrator");
  else
    return View("IndexCustomer");
}
else
  return View("IndexGuest");

Can someone enlighten me as to the missing piece of this puzzle?

+2  A: 

Use the Role property of the Authorize Action Filter:

[Authorize(Role="Administrators,Moderators")]
public ActionResult SomeAction(){

}

Or use the User.IsInRole() method:

if(User.IsInRole("Administrator")) { ... }
Marwan Aouida
http://blog.wekeroad.com/blog/aspnet-mvc-securing-your-controller-actions/
Filip Ekberg
if(User.IsInRole("Administrator")) was exactly what I needed, thanks!Still open to input if there is a better way to be doing this. In the first instance of using Authorize, it seems like it would be a better way to me (though I can't really way why) except as I understand it, it only offers a blanket allow/deny condition, not multiple conditions which is what I'm after.
FerretallicA
You can add multiple roles to the Role property, I will update the code.
Marwan Aouida
It doesn't matter if you have one or one hundred roles specified in the role property, that example still only gives you a blanket allow or deny rule, not switching based on each of the specified roles. The second example did the job.
FerretallicA