“Security aware” action link?

Question

How can I create a \"security aware\" action link that detects if a user is authorized to click (invoke) the action?
Hide link if user is not allowed to use that action.

Answer 1

jfar's code worked for me for the most part, but I had to make some modifications for MVC4. This is the only method that had to change:

private static bool ActionIsAuthorized(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
{
    if (actionDescriptor == null)
        return false; // action does not exist so say yes - should we authorise this?!

    AuthorizationContext authContext = new AuthorizationContext(controllerContext, actionDescriptor);

    // run each auth filter until on fails
    // performance could be improved by some caching
    foreach (var filter in FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor))
    {
        var authFilter = filter.Instance as IAuthorizationFilter;

        if (authFilter == null)
            continue;

        authFilter.OnAuthorization(authContext);

        if (authContext.Result != null)
            return false;
    }

    return true;
}