On top of allowing only certain Roles to access certain Controller or Action, I would like to serve a slightly different HTML based on the roles.
Admin can see Edit
For menus, consider using MVCSiteMapProvider, which, like other SiteMapProviders, can be configured to use "security trimming", i.e. to only display nodes that the current user is authorized to use. I.e. a site map can be used to generate a menu which will automatically respect the Authorize attributes on controllers and actions.
For visibility of controls (edit button, delete button and the like), add boolean properties to your Model: CanEdit, CanDelete etc., and have your controller populate them based on the user's roles (User.IsInRole).
Separation of concerns dictates that you shouldn't access Roles directly in the View.
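The view-model approach from the answer above, written out as an added example (not the answerer's code). The role names, controller and view model are assumptions; the point is that the view only sees boolean flags, the role mapping lives in one place, and the actions themselves stay protected by Authorize so the hidden button is never the only check.

```csharp
using System.Security.Principal;
using System.Web.Mvc;

// View model: the view renders these flags and never touches roles directly.
public class DocumentViewModel
{
    public int Id { get; set; }
    public string Title { get; set; }
    public bool CanEdit { get; set; }
    public bool CanDelete { get; set; }
}

// Role-to-capability mapping defined once, server-side. Role names are assumed.
public static class DocumentPermissions
{
    public const string EditorRole = "Editor";
    public const string AdminRole = "Admin";

    public static void Apply(DocumentViewModel model, IPrincipal user)
    {
        bool isAdmin = user.IsInRole(AdminRole);
        model.CanEdit = isAdmin || user.IsInRole(EditorRole);
        model.CanDelete = isAdmin; // only admins may delete
    }
}

[Authorize] // every action requires an authenticated user
public class DocumentsController : Controller
{
    public ActionResult Details(int id)
    {
        // Title is a constructed sample value; a real action loads it from storage.
        var model = new DocumentViewModel { Id = id, Title = "Sample document" };
        DocumentPermissions.Apply(model, User);
        return View(model);
        // In the Razor view: @if (Model.CanEdit) { @Html.ActionLink("Edit", "Edit", new { id = Model.Id }) }
    }

    // The UI flag is not the security boundary: the action is restricted too,
    // so a hand-crafted POST from a non-admin is refused by the framework.
    [HttpPost, ValidateAntiForgeryToken]
    [Authorize(Roles = AdminRole)]
    public ActionResult Delete(int id)
    {
        // ... perform the delete ...
        return RedirectToAction("Index");
    }

    private const string AdminRole = DocumentPermissions.AdminRole;
}
```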