
[Vue.js] Conditional Vue component rendering based on ASP Policy assignment

There is a .NET Core backend which is served by a Vue.js frontend.

We have a one-to-many Customer-User relationship, and want to be able to assign one or many users to administrate other users for their customer account.

Using Razor views this was simple as I could simply use

UserManager.IsInRole("Admin") { // admin panel button here }…

And serve a clickable button, which would direct to a route authorized using

[Authorize(Roles = "Admin")].

At run-time, the Razor view simply wouldn’t compile the Admin Panel button if you weren’t in the correct Role, but I’m struggling to achieve similar/identical logic when using a JWT Bearer Token and Policy.

I can authorize routes or actions using Policy assignment:

// Startup.cs
options.AddPolicy("User", policy => policy.RequireClaim(JwtConstants.JwtClaimIdentifiers.Rol, JwtConstants.JwtClaims.User));

// Controller.cs
[Authorize(Policy = "User")]

But I’m struggling to decide how to conditionally mount a vue.js component for the Admin Panel based on the policy assigned to the user.

In the backend everything is correctly authorized, so you can’t navigate or interact with admin controls without being assigned an Admin policy, but rendering this sensibly on the frontend is causing some trouble.

A simple solution would be to simply return an object once a successful signin is completed, such as:

var auth = {
    Jwt: 'xxxxxxxxx',
    Policy: 'Admin'
};

And then save the Policy prop in LocalStorage, then mount the admin Component based off that, but I’m wondering if there’s a better way that won’t expose the Admin controls to someone who can (trivially) edit LocalStorage?

Solution:

One may add user-related info inside the JWT when creating the token.
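As an added example (not part of the original answer), the frontend can read the role claim out of the token it already stores instead of keeping a separate, editable Policy value. The claim name `rol`, the value `Admin` and the helper names are assumptions; the sample tokens are constructed.

```javascript
// Added example. Assumptions: the role claim is named "rol" and the admin
// value is "Admin" (both hypothetical; use whatever the backend really issues).
const ROLE_CLAIM = 'rol';
const ADMIN_VALUE = 'Admin';

// Decode (NOT verify) the payload segment of a compact JWT. The browser holds
// no signing key, so the result is a display hint, never an access decision.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    // base64url -> base64, restore padding, then decode as UTF-8 JSON
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    const claims = JSON.parse(new TextDecoder().decode(bytes));
    return claims && typeof claims === 'object' ? claims : null;
  } catch (e) {
    return null; // malformed token: treat as "no claims"
  }
}

// True only for an unexpired token whose role claim contains the admin value.
// The claim may be a single string or an array of strings.
function canShowAdminPanel(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  if (!claims) return false;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return false;
  const roles = [].concat(claims[ROLE_CLAIM] ?? []);
  return roles.includes(ADMIN_VALUE);
}

// Builds a constructed sample token for demonstration; the signature segment
// is a placeholder because only the server can produce or check a real one.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```

In a component, expose `canShowAdminPanel(storedToken)` as a computed property and bind the admin component's `v-if` to it. Editing the stored token changes only what is drawn: the altered token no longer carries a valid signature, so the `[Authorize(Policy = ...)]` endpoints reject it.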