This is a migrated thread and some comments may be shown as answers.

Security Trimming

3 Answers 122 Views
Menu
This is a migrated thread and some comments may be shown as answers.
Leo
Top achievements
Rank 1
Leo asked on 23 Mar 2021, 07:49 PM

Last week i migrated one of the projects i work on from .NET MVC to .NET Core. 
It surprised me that the .NET Core wrappers lack the security trimming feature that the MVC wrappers support. I voted for this feautre request, but that can take ages before it gets implemented (if ever). 
So i'm looking for a work around. Is there anybody out there that could give me some advice?

 

I used the .Action("actionname", "controllername") method of the menu item to get the securitytrimming going.

3 Answers, 1 is accepted

Sort by
0
Ivan Danchev
Telerik team
answered on 26 Mar 2021, 03:08 PM

Hello Leo,

We are not aware of any workaround. We will keep an eye on the activity in the feature request, and encourage anyone who's interested in this functionality to vote.

Regards,
Ivan Danchev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
Leo
Top achievements
Rank 1
answered on 29 Mar 2021, 09:17 AM

I came up with an extension method. My Controllers are decorated with an  [Authorize]  or [AppAuthorization(permissionItem, permissionLevel)] attribute. Could be adopted to any other custom filter attribute.

Usage:

@(Html.Kendo().Menu()
    .Name("menu")
    .Items(items =>
    {
        items.Add().Text("Home").ActionWithTrimming("Index", "Home", new { Area = "" })
......

 

Extension Method:

public static MenuItemBuilder ActionWithTrimming(this MenuItemBuilder builder, string actionName, string controllerName, object routeValues = null)
        {
            string userId = AppAuthorization.GetUserId(builder.ViewContext.HttpContext);
 
            Assembly assembly = Assembly.GetAssembly(typeof(Program));
            var controlleractionlist = assembly.GetTypes()
                    .Where(type => typeof(Controller).IsAssignableFrom(type))
                    .SelectMany(type => type.GetMethods(BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.Public))
                    .Where(m => !m.GetCustomAttributes(typeof(System.Runtime.CompilerServices.CompilerGeneratedAttribute), true).Any())
                    .Select(x => new { Controller = x.DeclaringType.Name.Replace("Controller", ""), Action = x.Name, Attributes = x.GetCustomAttributes() })
                    .ToList();
 
            IEnumerable<Attribute> actionMethodAttributes = controlleractionlist.Where(w => w.Controller == controllerName && w.Action == actionName).SelectMany(s => s.Attributes);
             
            bool showMenuItem = true;
            foreach (var x in actionMethodAttributes)
            {
                if (x.GetType() == typeof(Microsoft.AspNetCore.Authorization.AuthorizeAttribute))
                {
                    showMenuItem = !string.IsNullOrEmpty(userId); // the username can only be known if the user is authenticated
                }
                 
                if (x.GetType() == typeof(AppAuthorization))
                {
                    var hoi = (AppAuthorization)x;
                    showMenuItem = AppAuthorization.HasPermission(userId, hoi.Onderdeel, hoi.Permissie);
                }
            }
            if (showMenuItem)
            {
                builder.Action(actionName, controllerName, routeValues);
            }
            return builder;
        }
0
Ivan Danchev
Telerik team
answered on 01 Apr 2021, 07:05 AM

Hello Leo,

Thank you for sharing your approach with the community!

Regards,
Ivan Danchev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tags
Menu
Asked by
Leo
Top achievements
Rank 1
Answers by
Ivan Danchev
Telerik team
Leo
Top achievements
Rank 1
Share this question
or