Enable/Disable menu items based on Authorization/Authentication from Active Directory Group memberships
Hi all!
I wanted to post to the forums here and see if anyone has been successful at using Blazor Authentication/Authorization with Active Directory? (Not Azure Active Directory) this is an on-prem Active Directory.
Here is my scenario:
- A registered Domain User opens the home page
- using the System.Security.Principal @user.Identity.Name for the currently logged in user, query AD and return what AD user groups the user has access to
- Using a returned list of those groups, iterate through them to either grant or deny permissions to components or pages
- During page load, assess if the user can interact with certain items, like the CRUD operations of a data grid; or expose or hide menu items
Here is an example:
- User logs into Windows machine and the user.Identity returns [email protected]
- The applicaiton then queries AD and returns all the groups the user belongs to
- In say, a datagrid, if the user belongs to the "AppEditor" group, the page exposes the CUD of the CRUD operations of the datagrid
- If the user was NOT in that group, they would just get to "Read" the data in the datagrid but not change it.
- If the user was ALSO part of the AddAdmin AD group, then on the main menu of the page, the "Administration" menu item is exposed and will allow them to navigate to the Admin page
I have been looking at this for 2 weeks and I cannot find a good example. Does anyone out there have something similar?
I am also VERY OPEN to other suggestions on how to do this through Active Directory. I have many clients that only use an on-prem Active Directory for application authentication and authorization.
Thank you and I appreciate any and all suggestions and input!!!
Kind Regards,
Jason
SIGN IN To post a reply.
1 Reply
1 reply marked as answer
TS
Thaneegairaj Sankar
Syncfusion Team
February 21, 2022 02:42 PM UTC
Hi Jason,
We can use Authorization for Menu Component by using Procedural logic parameter AuthenticationState. We have bounded menu items by using role-based authorization in onInitialize and use that menu items to Menu component. Please check the below code snippet.
Code snippet:
|
@attribute [Authorize(Roles="user, admin")]
@if (items != null)
{
<SfMenu TValue="MenuItem">
<MenuItems>
@foreach(var item in items)
{
<MenuItem Text="@item.Text"></MenuItem>
}
</MenuItems>
</SfMenu>
}
@code{
private List<MenuData> items;
[CascadingParameter]
private Task<AuthenticationState> authenticationStateTask { get; set; }
protected override async Task OnInitializedAsync()
{
await base.OnInitializedAsync();
var user = (await authenticationStateTask).User;
items = new List<MenuData>();
items.Add(new MenuData { Text = "Home" });
items.Add(new MenuData { Text = "Reports" });
if (user.IsInRole("user"))
{
items.Add(new MenuData { Text = "User" });
}
if (user.IsInRole("admin"))
{
items.Add(new MenuData { Text = "Adminstration" });
}
items.Add(new MenuData { Text = "Contact Us" });
}
public class MenuData
{
public string Text
{
get;
set;
}
}
} |
For your convenience, please check the below sample and video demonstration.
Sample: https://www.syncfusion.com/downloads/support/directtrac/general/ze/Menu_authorization-1440697447
Video: https://www.syncfusion.com/downloads/support/directtrac/general/ze/Menu_authorization_demo-325203440
Please check and get back to us, if you need further assistance.
Regards,
Thaneegairaj S
Marked as answer
SIGN IN To post a reply.
