Click here to Skip to main content
Click here to Skip to main content

Field Based Security in ASP.NET MVC 3 for Different Roles

, 14 Jun 2012
Rate this:
Please Sign up or sign in to vote.
MVC3 Role base security.

Introduction

This article will show how we can achieve security for each field of your web form in ASP.NET MVC3 for different roles of users.

Override AuthorizeArrtibute and Add Additional Value in Metadata

In order to provide security for each field in ASP.NET application, we can override the Authorize attribute as follows:

[AttributeAssage(AttributeTarget.Property)]
public Class ReadOnlyAuthorizeAttribute : Attribute, ImetaDataAware
{
   public String Roles {get; set;}
   public bool IsReadOnly
   {
     Get
     {
        If(this.Roles ! = null)
        {
           var roleList = this.Roles.Split(‘,’).Select(o => o.Trim()).ToList();
           return !(roleList.Where(role => HttpContext.Current.User.IsInRole(role)).Count() > 0);
        }
        else
           return true;
     }
   }

 
   Public void OnMetataDataCreated(ModelMetaData metadata)
   {
     Metadata.AdditinalValues[“IsReadOnly”] = this.IsReadOnly;
   }
}

The above code checks the logged in user role that is provided along with property Authorize attribute. And on that basis override Metadata to add additional value IsReadOnly.

Model Changes

In Model apply ReadOnlyAuthorize attribute and apply the roles as shown below:

[ReadOnlyAuthorize(“Admin”)]
public string Name {get; set;}

Because of this attribute IsReadOnly will return true for Admin users. Also it will assign Additional value IsReadOnly as true.

Editor Template

Now create a new editor template for Text (String.ascx) and check where Name is readonly or not as shown below: 

<%
   var attribute = new System.Collection.Generic.Dictionary<String, object()> ;
    var isReadOnly = false;
    if(ViewData.ModelMetaData.additionalValues.ContainsKey(“IsReadOnly”))
    {
      isReadOnly = (bool)ViewData.ModelMetaData.additionalValues[“IsReadOnly”];
    }

    If(ViewData.ModelMetaData.IsReadOnly || isReadOnly)
    {
       attribute.Add(“readonly”,”readonly”);
        attribute.Add(“disabled”,” disabled”);
    }
%>

<%: Html.TextBox(string.Empty, ViewData.TemplateInfo.FormattedModelValue, attribute)%>

View Changes

In view use EditorFor Name field as show:

<%: Html.EditorFor(m => Model.Name) %>

As in Model, Name is string so it will go to above editor template String.ascx. And in template it will check for IsReadOnly value. On that basis it will add readonly and disabled html attribute.

In this way we can make Name field as editable as well as readonly by having ReadOnlyAuthorize attribute with different roles.

Similarly we can have editor templates for different controls like TextBox, DropDown, TextArea etc. And can make that field as readonly or editable depending upon the logged in user roles.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ajay Bachale
Technical Lead
India India
No Biography provided

Comments and Discussions

 
QuestionGood! Pinmemberphung van hung10-Aug-12 17:32 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140827.1 | Last Updated 14 Jun 2012
Article Copyright 2012 by Ajay Bachale
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid