Last week i migrated one of the projects i work on from .NET MVC to .NET Core.
It surprised me that the .NET Core wrappers lack the security trimming feature that the MVC wrappers support. I voted for this feautre request, but that can take ages before it gets implemented (if ever).
So i'm looking for a work around. Is there anybody out there that could give me some advice?
I used the .Action("actionname", "controllername") method of the menu item to get the securitytrimming going.
3 Answers, 1 is accepted
Hello Leo,
We are not aware of any workaround. We will keep an eye on the activity in the feature request, and encourage anyone who's interested in this functionality to vote.
Regards,
Ivan Danchev
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
I came up with an extension method. My Controllers are decorated with an [Authorize] or [AppAuthorization(permissionItem, permissionLevel)] attribute. Could be adopted to any other custom filter attribute.
Usage:
@(Html.Kendo().Menu() .Name("menu") .Items(items => { items.Add().Text("Home").ActionWithTrimming("Index", "Home", new { Area = "" })......
Extension Method:
public static MenuItemBuilder ActionWithTrimming(this MenuItemBuilder builder, string actionName, string controllerName, object routeValues = null) { string userId = AppAuthorization.GetUserId(builder.ViewContext.HttpContext); Assembly assembly = Assembly.GetAssembly(typeof(Program)); var controlleractionlist = assembly.GetTypes() .Where(type => typeof(Controller).IsAssignableFrom(type)) .SelectMany(type => type.GetMethods(BindingFlags.Instance | BindingFlags.DeclaredOnly | BindingFlags.Public)) .Where(m => !m.GetCustomAttributes(typeof(System.Runtime.CompilerServices.CompilerGeneratedAttribute), true).Any()) .Select(x => new { Controller = x.DeclaringType.Name.Replace("Controller", ""), Action = x.Name, Attributes = x.GetCustomAttributes() }) .ToList(); IEnumerable<Attribute> actionMethodAttributes = controlleractionlist.Where(w => w.Controller == controllerName && w.Action == actionName).SelectMany(s => s.Attributes); bool showMenuItem = true; foreach (var x in actionMethodAttributes) { if (x.GetType() == typeof(Microsoft.AspNetCore.Authorization.AuthorizeAttribute)) { showMenuItem = !string.IsNullOrEmpty(userId); // the username can only be known if the user is authenticated } if (x.GetType() == typeof(AppAuthorization)) { var hoi = (AppAuthorization)x; showMenuItem = AppAuthorization.HasPermission(userId, hoi.Onderdeel, hoi.Permissie); } } if (showMenuItem) { builder.Action(actionName, controllerName, routeValues); } return builder; }Hello Leo,
Thank you for sharing your approach with the community!
Regards,
Ivan Danchev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.