I'm developing an Asp.NET MVC5 web application (.NET 4.6) and I need to show some extra lines of HTML to a group of users with a specific claim. I've seen some verbose solutions but I prefer to keep it short, so I came up with this
@{
if (System.Security.Claims.ClaimsPrincipal.Current.Claims.ToList().FirstOrDefault(c => c.Type == "role" && c.Value == "AwesomeUserRole") != null) {
<!-- my HTML goes here -->
}
}
Is it a good way to check for an authenticated user claim or is there a best practice to follow? Any cleaner / more efficient solution is welcome as well.
Because all Identity
objects in ASP.NET are now a ClaimsIdentity
, you could always cast the current IPrincipal
to a ClaimsIdentity
:
((System.Security.Claims.ClaimsIdentity)User.Identity).HasClaim("role", "AwesomeUserRole")
But it is actually easiest to just use User.IsInRole("AwesomeUserRole")
As long as you haven't changed the default configuration, claims with the type of role
are automatically fed into the roles collection for the thread principal.
If you need to check for additional claim types besides roles, I usually create a set of extension methods for IPrincipal
that wrap the claim checks:
public static bool CanDoX(this IPrincipal principal)
{
return ((ClaimsIdentity)principal.Identity).HasClaim(claimType, claimValue);
}
The benefit of the extension method is that you can check for any kind of claim and return any values they may contain, not just whether or not the claim exists.