Show or hide navigation menu based on user role in asp net core
HTML-код
- Опубликовано: 8 фев 2025
- How to show or hide navigation menu items based on the logged-in user role in asp.net core mvc.
Healthy diet is very important for both body and mind. We want to inspire you to cook and eat healthy. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking.
/ @aarvikitchen5572
Text version of the video
csharp-video-t...
Slides
csharp-video-t...
ASP.NET Core Text Articles & Slides
csharp-video-t...
ASP.NET Core Tutorial
• ASP.NET core tutorial ...
Angular, JavaScript, jQuery, Dot Net & SQL Playlists
www.youtube.co...
If the logged-in user is in Admin role, then we want to display Manage Roles navigation menu item. If the logged-in user IS NOT in Admin role, then Manage Roles navigation menu item should not be displayed.
Show or hide navigation menu based on logged-in user role
Navigation menu is in the laylout view (_Layout.cshtml).
Inject SignInManager service into the layout view using @inject directive
Use the SignInManager service, IsSignedIn() method and IsInRole() method to check if the user is signed in and if the user is in the Admin role
@using Microsoft.AspNetCore.Identity
@inject SignInManager[ApplicationUser] SignInManager
[ul class="navbar-nav"]
[li class="nav-item"]
[a class="nav-link" asp-controller="home" asp-action="index"]List[/a]
[/li]
[li class="nav-item"]
[a class="nav-link" asp-controller="home" asp-action="create"]Create[/a]
[/li]
@if (SignInManager.IsSignedIn(User) && User.IsInRole("Admin"))
{
[li class="nav-item"]
[a class="nav-link" asp-controller="Administration" asp-action="ListRoles"]
Manage Roles
[/a]
[/li]
}
[/ul]
What if the user types the URL in address bar
The URL associated with Manage Roles navigation menu item is /Administration/ListRoles. What if the user types this URL directly in the address bar.
The Authorize attribute on the AdministrationController protects from the unauthorised access. If the logged-in user is not in Admin role, asp.net core automatically redirects the user to /Account/AccessDenied.
[Authorize(Roles = "Admin")]
public class AdministrationController : Controller
{
// Code
}
AccessDenied action in AccountController
public class AccountController : Controller
{
[HttpGet]
[AllowAnonymous]
public IActionResult AccessDenied()
{
return View();
}
// Other actions
}
AccessDenied View
[div class="text-center"]
[h1 class="text-danger"]Access Denied[/h1]
[h6 class="text-danger"]You do not have persmission to view this resource[/h6]
[img src="~/images/noaccess.png" style="height:300px; width:300px" /]
[/div]
No words are wasted in your videos. SIMPLY THE BEST!
I just want to thank you for this video series, you helped me a lot!
This is very helpful to me. Years ago, I also saw the WCF tutorials video of Kudvenkat. It is also very helpful to me.. Thanks!
right dear....its very old but helpful
Thank you I am new in DOT Net and this really helped Alot. Thank you!!!!!
you are a professional teacher thanks a lot
Sir your all topics is unique and very helpful thanks for uploading and supporting
Thanks for this video, I often wonder how it was this was done, it is so simple.
Congratulations on 500k subscribers, you are the best. Keep going!!
Thank you Lazar.
Thank you so much for this video. It was incredibly helpful.
East or West. Sir Venkat is the best.
Nice title
@@technicalcrackedinterviews4392 Lauda
Thank you very much .
great video sir, sir, if the menu we use is menu responsive from css@bootstrap, not the menu from visual studio provide, can we use this way also?
nice video Sir.
Nice explanation sir
Awesome tutorial series. best of the best vankat. I request you to make some videos series on PYTHON also after finish core mvc this series. thank you. god bless you vankat.
nice approach ...till then you can visit other links bro.
When new user register on website which role by default they have? Admin role can edit and delete but in this project every login user can do. How to prevent this on role base in asp.net core.
Tq
sir how can I set roles name dynamically in view for condition. here you are set hard code name.
do you have any videos that will allow me to add hyperlinks to the razor page from the controller class
I have a problem. When I set the [Authorize(Roles = "Admin")] for AdministrationController, no matter what Role do I have, it always takes me to LogIn page (Account/Login?ReturnUrl=%2FAdministration%2FListRoles). I saw a solution to make custom decoration for role authorization, however, I would like to make it work the normal way, with [Authorize(Roles = "Admin")]. Does anyone managed to solve this?
Ok, that was quick...I have tried to fix it for quite a piece of time before I asked this, and the answer came to me a moment after. Now I will pass the knowledge for the future generations:
Make SURE that in your Startup.cs file the app.UseAuthentication(); is BEFORE, not after app.UseAuthorization();
end of transmission. peace
@@7Andy77 thankkk youuu , you save my lifeeee
@@7Andy77 thankkk youuu , you save my lifeeee
@@khouloudachour you are welcome :) im glad this was helpful! :)
How to implement dynamic authorization instead of hardcode "Admin" ??
Hello Takky - Do you mean storing the resources and roles mapping also in the DB or a separate config file or something else
@@Csharp-video-tutorialsBlogspot yes sir, authorization to specific action is managed dynamically from db. So when sometimes this action we want to change, we can easily updated it without edit code roleName in Authorize attribute. How to do that? Thankyou anyway, cant wait for next video.
1:36 Where does the "User" variable come from?
Put you mouse cursor onto it and hit F12 to see.
I thought we provide different content and links through different layouts that are set through if conditions in _ViewStart ... as in :
if (User.IsInRole("Admin"))
{
Layout = "_AdminLayout";
}
....etc
Got this error: "The type or namespace name 'SignInManager' could not be found (are you missing a using directive or an assembly reference?) [MDPWeb]csharp(CS0246)" and " The type or namespace name 'ApplicationUser' could not be found (are you missing a using directive or an assembly reference?) [MDPWeb]csharp(CS0246)" Im using Visual Studio Code .
Have you added @using Microsoft.AspNetCore.Identity
before SignInManager line?
Hi everyone.. A small query, if access is denied then it could have gone to other controller, why only the account controller..please help me out to understand that..
I think it's because of this: github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/Cookies/src/CookieAuthenticationDefaults.cs
I have a user is Admin Role, cant get access to Administration page(redirects to Access Denied page) and razor page link is hidden when Authorization attribute is applied. Tried logout and login, cleared cache and checked database everything looks fine. Can someone help?
I got a solution in the below link
stackoverflow.com/questions/52531131/asp-net-core-2-1-identity-role-based-authorization-access-denied/52546946
The issue was I am using asp.net core 2.1, and if you use AddDefaultIdentity in Startup.cs it does not enable Roles by default.
I am using asp.net core 3.1 and I fixed it by changing the process model to out of process. In version 2.1 it was default outOfProcess, but from version 3 they changed to inProcess.
in video 6 of these tutorials they explain how to change that.
For the role process to work, the process model has to be out of process
Can anyone tell me how to implement global logout in .net core 3.1?
where the user comes from in layout view?!
But actually you should explain each and everything for this implementation but you did only for few options why
.net doctor
haha absolutely right