Home/ Questions/Q 9152743
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T12:07:47+00:00

I am looking to create a security trimmed (basically if you don’t have permission

  • 0

I am looking to create a security trimmed (basically if you don’t have permission don’t render) Html.RenderAction.

The aim is to display various widgets/page components and if the person doesn’t have permission on the action the RenderAction doesn’t get called (or at least doesn’t cause a re-direct to login page). For example the page is shown to all logged in users. However there will be parts that are only for HR, Business Development and if you are in HR and Business development you would get both parts etc.

Each part called by RenderAction is stand-alone so it means I can easily make pages that contain all the required parts but then they just don’t display if the user isn’t permitted. If I call RenderAction on for an action someone doesn’t have permission to then it causes them to get re-directed to login page.

I have seen something similar done with links but as anyone done anything similar for Actions?

I was hoping to get something like:

@Html.RenderSecurityTrimmedAction("Main","Business-Widget1")
@Html.RenderSecurityTrimmedAction("Main","HR-Widget")
@Html.RenderSecurityTrimmedAction("Main","General-Widget3")

Where Widget access is based on the persons current role. I have security access working perfectly. It’s mainly creating a RenderAction that doesn’t uncenssarily run the Action if the user doesn’t have perission

I want to keep the code DRY so I don’t want to be carrying lots of ViewModel properties and then having to wrap every Html.RenderAction in an if statement. These components will appear in a variety of places so I want them to be plug and play.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I implemented the following:

        public static void SecurityTrimmedRenderAction(this HtmlHelper htmlHelper,
                                                  ActionResult actionResult)
    {
        var routeValueDictionary = actionResult.GetRouteValueDictionary();
        var actionName = (string)routeValueDictionary["Action"];
        var controllerName = (string)routeValueDictionary["Controller"];
        //var areaName = (string)routeValueDictionary["Area"];
        var hasActionPermission = SecurityTrimmingExtensions.HasActionPermission(htmlHelper, actionName,
                                                                                 controllerName);
        if (hasActionPermission)
        {
            htmlHelper.RenderAction(actionResult);
        }
    }

    The SecurityTrimmingExtensions follows the code found here: ASP.Net MVC how to determine if a user can access a URL?

    I don’t have to touch Authorize doing it this way as the code isn’t called if the current user doesn’t have permissions

    • 0