ASP.NET MVC check if user belongs to [x] group - asp.net-mvc

Maybe I'm approaching this the wrong way and should be doing everything in action filters, in which case please point me in the right direction!
I'm setting up my ASP.NET MVC application so that the one HomeController Index action delivers two different types of content, like so:
if(Request.IsAuthenticated)
return View("IndexRegistered");
else
return View("IndexGuest");
This is fine but say I want to split it into three so Administrator members get their own page...
if(Request.IsAuthenticated)
{
if( /* user is a member of administrators */)
return View("IndexAdministrator");
else
return View("IndexCustomer");
}
else
return View("IndexGuest");
Can someone enlighten me as to the missing piece of this puzzle?

Use the Roles property of the Authorize Action Filter:
[Authorize(Roles="Administrators,Moderators")]
public ActionResult SomeAction(){
}
Or use the User.IsInRole() method:
if(User.IsInRole("Administrator")) { ... }

If you look at the Authentication provider which comes out-of-the-box in the default MVC project templates it's easy to add your own role support there and track it in session, so your code above would become:
if(Request.IsAuthenticated)
{
if(Session["Role"] == "Administrator")
return View("IndexAdministrator");
else
return View("IndexCustomer");
}
else
return View("IndexGuest");
and then opens possibilities like:
if(Request.IsAuthenticated)
return View("Index" + Session["Role"]);
else
return View("IndexGuest");

Related

Return Response.Redirect or ActionResult from a single MVC method

I have a MVC method that currently returns an ActionResult - I have had to make some changes and based on the business logic I want to do a response.redirect instead.
So I want to do something like this:
public ActionResult Index(CountryHomePageType currentPage)
{
if (someVar = true)
{
return View();
}
else
{
Response.redirect("www.website.com")
}
}
but I can't becuase Resonse.Redirect is not a ActionResult....
How can I get round this?
If you are redirecting outside of your current mvc application you can use
return Redirect("<your external url>"); // like "https://www.google.com"
if you want to redirecto back you your homepage you can use
return RedirectToAction("Index", "Home");
assuming you are using the default mvc setup
You might want to also look at ActionFilters if you are making this check in multiple places.

Multiple views modifying one object MVC

I am building a service which requires a somewhat lengthy setup process. I have it broken into 4 models and 4 corresponding views. They are Setup, Setup2, Setup3, and Setup4. Each of these views gathers information from the user which is stored in a User object. I have been passing the user along like this:
[HttpPost]
public ActionResult Setup(FormCollection values)
{
User registeringUser = new User();
registeringUser.email = User.Identity.Name;
registeringUser.fName = values["fName"];
registeringUser.lName = values["lName"];
registeringUser.phone = values["phone"];
return RedirectToAction("/Setup2", registeringUser);
}
For some reason, this seems to work just fine for the first jump (from Setup to Setup2) but after that I'm getting weird behavior, such as User. getting set to null when the User is passed to another View.
In a related, but slightly different issue, I need the last screen (Setup4) to be recursive. This screen adds a course in which the user is enrolled, and if they don't check the "This was my last class" button, it needs to basically clear the form so they can enter another course.
The entire Controller looks like this:
[HttpPost]
public ActionResult Setup4(FormCollection values, User registeringUser)
{
// values["allClassesAdded"] returns "false" as a string if box is unchecked, returns "true,false" if checked.
// Solution: parse string for "true"
if (utils.parseForTrue(values["allClassesAdded"]))
{
// TODO Redirect to "congratulations you're done" page.
database.CreateUserInDB(registeringUser);
return Redirect("/Home");
}
else
{
// Build course and add it to the list in the User
course c = new course(values);
if (Request.IsAuthenticated)
{
//registeringUser.currentCourses.Add(c);
registeringUser.AddCourse(c);
return RedirectToAction("/Setup4", registeringUser); // <---- This doesn't really work right
//return View();
}
else
{
return Redirect("/Account/Login");
}
}
}
This is my first project with MVC, so if you find that I'm doing the entire thing completely incorrectly, feel free to not answer the question I asked and offer the proper solution to this need. I'm moving an existing (pure) C# project to MVC and I'm mainly just stuck on how to work within MVC's interesting structure. I'm very grateful for any help you can give!
Thanks!
You can store user related data in session without passing it between requests
Smth like this
[HttpPost]
public ActionResult Step1(Step1Model model)
{
Session["UserRegistration"] = new UserRegistration
{
FirstName = model.fName,
....
}
....
}
[HttpPost]
public ActionResult Step2(Step2Model model)
{
var userRegistration = Session["UserRegistration"] as UserRegistration;
if (userRegistration == null) { return Redirrect("Step1"); }
userRegistration.SomeField = model.someField;
...
Session["UserRegistration"] = userRegistration;
....
}

MVC Url not pathing correctly

I have a link going to
<a class="k-link" href="/UserView/EditByName?UserName=MVCTest6">Profile</a>
When the link it is clicked it goes to this
URL: http://localhost:3256/MVCTest6/Create
which works when i am logged in as an admin user. (The folder has no security in a web.config setting it apart). This link actually works on another part of the page.
The user also already exist and has been authenticated.
Can this please be explained?
I get it ! This is where the problem is,
return RedirectToAction("Create", User.Identity.Name);
you are using this overload RedirectToAction("Action", "Contoller");
So the later part is taken as the controller. Try other overloads that matches your requirement, if you are trying to pass values to another action, which must be like
return RedirectToAction("Create", new {UserName = User.Identity.Name});
I forgot I had logic in place to redirect if user profile was not created. This was causing the problem. My test user didnt have profile already setup so it was redirecting to the create page
public ActionResult EditByName(string userName)//EditByName
{
if (User.Identity.IsAuthenticated)
{
UserModel usermodel = repository.Get(User.Identity.Name);// db.UserModels.Find(id);
if (usermodel == null)
{
return RedirectToAction("Create", User.Identity.Name);
}
return View(usermodel);
}
else { return RedirectToAction("Login", controllerName: "AccountView"); }
}

Asp.Net MVC3 Redirect

I have an action like shown below. In GetAvailableBookList, I get the list and if there is not any available book redirect to a message page. But in action part code continues to execute and gets an exception and I find myself in error page.
I don't want to use return RedirectToAction or something like that because there are a lot of places where we use this redirect logic in our application.
public ActionResult ActionName()
{
List<BookType> bookList = GetAvailableBookList();
// some code
return View("RelatedView");
}
private List<BookType> GetAvailableBookList()
{
....
list = GetList();
if(list.Count == 0)
{
System.Web.HttpContext.Current.Response.Redirect(messagePageUrl, true);
}
else return list;
}
Unfortunately, Response.Redirect() isn't really friendly with ASP.NET MVC. My rule of thumb is if it comes from HttpContext I don't want to touch it in the controller (of course there are many exceptions to that rule) -- especially since it improves testability.
My suggestion is to use RedirectToAction, but since you don't want to repeat code you can do it in such a way that you don't have to repeat code (although in this case I don't see a problem with repeating code).
public ActionResult LoadBookListAndContinue(
Func<List<BookType>, ActionResult> continuation)
{
var list = LoadBooklist();
if(list.Any())
{
return action(continuation);
}
return new RedirectResult(messagePageUrl);
}
// in your controller
public ActionResult ActionName()
{
return LoadBookListAndContinue(
list => {
// some code
return View("RelatedView");
});
}
Is it pretty? No, but it works better than the Redirect exception.
Use
return RedirectToAction("NoListAvailable");
if you have a specific action you would like to execute. The NoListAvailable action can return a view indicating the problem.
Alternatively, you could return the view directly
return View("NoListAvailable");
The exception you are getting is probably ThreadAbortException and this is something you cannot avoid unless you allow the thread to continue (2nd argument in Response.Redirect).
On a side note your current solution is generally flawed. You should use RedirectToAction in each action when your method returns an empty list.
Throwing a specific exception and redirect where you catch it may be solution
Try to write
System.Web.HttpContext.Current.Response.Redirect(messagePageUrl, false);

Why Doesn't ASP.NET MVC Use Generic Action Methods?

General question as I start implementing ASP.NET MVC, I found myself asking, to avoid boxing and unboxing through the framework (check out the signature for "View"), why wouldn't they have simply used generic methods for actions? Maybe they "should have" and they didn't but maybe someone knows of a good reason.
Thanks in advance!
Sorry, an example would be like so...
Edit(int id)
{
...
if(...)
View<Contact>("Edit");
else
View<ShoppingCart>("Cart");
}
EDIT
UPDATED example to reflect my question more accurately
So I can do this:
public ActionResult Customer(int id )
{
try
{
var customer = DB.GetCustomer(id);
if( customer == null )
{
return RedirectToAction("NoCustomerFound");
}
if( customer.IsApproved )
{
return View( TransformToApproved("Approved", customer);
}
return View( "Unapproved", TransformToUnapproved(customer));
}
catch(Exception e )
{
return View("Error", e );
}
}
Update:
Your updated code would just be syntactic sugar. The Model will still get box'd and unboxed when the MVC pipeline starts executing the action and rendering the view.
Even so if you wrote something like this, I'm assuming you'd actually want to pass a model along someplace. Your example doesn't include it.
public ActionResult View<MODEL>(string view, MODEL viewModel )
{
return View(view, viewModel );
}
The generic parameter wouldn't even matter so you'd end up with the same looking calls:
return View("Edit", contact );

Resources