In my MVC application I have a few different roles: Admin, General User, etc.,

Question

0

Editorial Team

Asked: May 26, 20262026-05-26T11:05:13+00:00 2026-05-26T11:05:13+00:00

In my MVC application I have a few different roles: Admin, General User, etc.,

0

In my MVC application I have a few different roles: Admin, General User, etc., etc.

I know that I can apply security to my Controllers via the Authorize attribute:

[Authorize(Roles="Admin")]
public ActionResult Create()
{
    return View();
}

But I also need to apply some security to the Views to not display certain sections of the View to certain roles:

@if( User.IsInRole("Admin") )
{
    @Html.ActionLink("Create", "Create")
}

Is it better to do it the above way, or handle this sort of security in a ViewModel:

public ActionResult Index()
{
    var model = new IndexViewModel();

    model.CanCreate = User.IsInRole("Admin");

    return View(model);
}

View:
@( Model.CanCreate )
{
    @Html.ActionLink("Create", "Create")
}

Does the second method have any benefits compared to the first or is it just a preference thing?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T11:05:14+00:00

Editorial Team

2026-05-26T11:05:14+00:00Added an answer on May 26, 2026 at 11:05 am

The second way is more preferred, as your business logic will stay at model level.

In your example, business logic is very simple. However, imagine that requirements have changed and now not only Admins can create content, but also General Users that signed up more than 1 month ago. With business logic in view you’d have to update all your views.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In my MVC application I have a few different roles: Admin, General User, etc.,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply