In our new very large MVC3 application, we have a security problem to solve. Our structure is that for each controller, there is one viewModel and one viewModelGenerator class. The viewModelGenerator class is responsible for building the viewModel from as many data tables as required.
Our issue is that each user is restricted to only seeing the data for their “office”. So we have to pass the user's “office” information to each viewModelGenerator.
Is there a way to access the user profile data without having to pass it as a parameter from the controller? I could pass the value in via the constructor, but we are hoping there is a cleaner way of doing it. I’ve seen posts on SO on how to get the user Identity, but not the full profile.
That’s a wrong structure. You should have a view model per view and not a view model per controller.
No, and it is not recommended to have a service layer which pulls such data. This data has to be pushed to the service layer from its owner (which is the UI layer).
This being said, in ASP.NET MVC there are more MVCish ways to achieve user authorization. One example is to write a custom [Authorize] attribute which will be executed before each action and would verify if the user is authorized to access the information.
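A sketch of the custom attribute the answer describes, added here as an illustration and not code from the original posts. The class name `OfficeAuthorizeAttribute`, the profile property `Office` and the route parameter `office` are assumptions; the profile property must be defined in the application's profile configuration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute: denies a request whose "office" route value does not
// match the "Office" property stored in the caller's ASP.NET profile.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class OfficeAuthorizeAttribute : AuthorizeAttribute
{
    private const string ProfileProperty = "Office"; // assumed profile property
    private const string RouteKey = "office";        // assumed route parameter

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check first: authenticated, plus any Users/Roles restrictions.
        if (!base.AuthorizeCore(httpContext))
            return false;

        var profile = httpContext.Profile;
        var userOffice = profile == null
            ? null
            : profile.GetPropertyValue(ProfileProperty) as string;

        // Fail closed: a user with no office assigned sees nothing.
        if (string.IsNullOrEmpty(userOffice))
            return false;

        // If the URL names an office, it must be the caller's own office.
        object requested;
        var routeValues = httpContext.Request.RequestContext.RouteData.Values;
        if (routeValues.TryGetValue(RouteKey, out requested) && requested != null)
        {
            return string.Equals(requested.ToString(), userOffice,
                                 StringComparison.OrdinalIgnoreCase);
        }

        // No office in the URL: the action is scoped by the value the
        // controller reads from the profile and pushes to its generator.
        return true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Authenticated but wrong office: 403 rather than a login redirect.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Applied as `[OfficeAuthorize]` on a controller or action, the check runs before the action body; the controller still reads the office from `HttpContext.Profile` and passes it to the viewModelGenerator, so the data layer never trusts an office value taken from the URL.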