dpaquette
commented
5 years ago This is actually a pretty common scenario but I'm not sure how best to solve for it. I am open to suggestions. Here are a couple options I am kicking around:
Introducing an authorize tag
<authorize asp-policy="somePolicy">
<authorized> <div> this will only be rendered if the user is authorized </div> </authorized>
<not-authorized> <div> this will only be rendered if the user is not authorized </div> </not-authorized>
</authorize>This one is a little verbose but should be pretty clear what is happening.
Introducing an asp-not-authorize attribute
<div asp-authorize asp-policy="somePolicy"> this will only be rendered if the user is authorized </div>
<div asp-not-authorize asp-policy="somePolicy"> this will only be rendered if the user is not authorized </div> This one is less verbose than the first option but it would require the policy to be evaluated twice which seems like a bad idea.
For the authorize tag helpers, a typical case that I didn't see covered would be needing to show one section of html to authorized users and show a different section of html to non-authorized users. Maybe something like a
asp-authorize-anonymous.I didn't see a way of doing this with current tag helpers but it could be useful and effectively eliminate if-elses in razor based on user being logged in.