tags:

views:

252

answers:

2
Q: 

ASP.NET MVC View - Display something base on Authorize

Hi all,

Sorry if you found that I'm asking stupid questions. But I'm new to asp.net and I'm facing a problem:

I'm writing a simple blog to learn asp.mvc, and I want to display an Edit link next to the blog Title if the user is logged in. Currently I have to add the currentUser object to Model and check the IsLogged properties to decide if I should display the Edit link or not. The problem is if there is no logged in user, I have to create an fake currentUser to insert to Model in other to make it work. What's asking is there is any other elegant way to do this. For example we can use [Authorize] attribute in Controller to allow access to an Action or not. There is any similar way to apply for the View ?

A: 

Make the IsLoggedIn a boolean property of the model itself. This way, you can have CurrentUser equal to null when IsLoggedIn is false. Your view would check IsLoggedIn and never call anything on CurrentUser if it's false. This way, NullReferenceException is circumvented.

You can also throw away the IsLoggedIn property altogether and check if a user has logged in directly by using CurrentUser != null.

Mehrdad Afshari  2009-03-26 10:30:58
Thanks for your quick answer, but there is any solution that doesn't need to put the CurrentUser into model, let say we have lot of View that require to check for login user and then display something, return the CurrentUser in every View is very tidy task.
Thanh Tran  2009-03-26 10:37:10
You'll be breaking the MVC model if you do that. The View should rely on nothing except the Model object for rendering.
Mehrdad Afshari  2009-03-26 10:40:44
You shouldn't fetch the data current user data directly from the view. It should be done in the controller. You can, however, write an ActionFilter to intercept the requests in the controller and save the CurrentUser in `ViewData` to be accessed by the views in the future.
Mehrdad Afshari  2009-03-26 10:43:11
+2  A: 

If you are using Forms authentication, this property already exists in the Request object :

Request.IsAuthenticated

In your view, you can solve you problem doing something like this : 

<%  if(this.Request.IsAuthenticated)
    {
%>
    <%= Html.ActionLink("Edit", url - to - action) %>
<%  }
%>

But I think you real problem is checking that the current user is the one that can edit the current blog. In that case, you can do an extension method CanEdit on the ViewPage object :

<%  if(this.CanEdit(this.User))
    {
%>
    <%= Html.ActionLink("Edit", url - to - action) %>
<%  }
%>

The extension would look like something like that :

public static class ViewExtensions
{
    public static bool CanEdit(ViewPage view, MyUser user)
    {
        bool retour = false;

        if(principal != null)
        {
            // get your blog from the view
            Blog blog = view.ViewData["myBlog"];
            // check if the principal is the owner
            retour = (blog.Owner.Id == user.Id);
        }
        return retour;
    }
}
Mose  2009-03-26 11:07:49

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data