ASP.NET MVC 5 provides five different kinds of Filters. They are as follows:
- Authentication [Introduced in MVC5]
- Authorization
- Action
- Result
- Exception
Filters are used to inject logic at the different levels of request
processing. Let us understand where at the various stages of request
processing different filters get applied.
- Authentication filter runs before any other filter or action method
- Authorization filter runs after Authentication filter and before any other filter or action method
- Action filter runs before and after any action method
- Result filter runs before and after execution of any action result
- Exception filter runs only if action methods, filters or action results throw an exception
I have tried to show the filter execution timing in context of request processing in the below diagram:
Action Filter
An action filter consists of codes that run either before or after an
action runs. It can be used for tasks like logging, privileged based
authorization, authentication, caching etc.
Creating a custom action filter is very easy. It can be created in four simple steps:
- Create a class
- Inherit ActionFilterAttribute class
- Override the OnActionExecuting method to run logic before the action method
- Override the OnActionExecuted method to run logic after the action method
Let us see how we can create a custom action filter. The purpose of
the action filter is to find whether a logged in user belongs to a
particular privileges or not. On the basis of the result, a user will
access a particular action or navigate to the login action. To do this, I
have created a class and extended the ActionFilterAttribute class.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
using PrivilegeDemo.Services;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using System.Web.Routing;
namespace PrivilegeDemo.Filters
{
public class AuthorizationPrivilegeFilter : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
AuthorizationService _authorizeService = new AuthorizationService();
string userId = HttpContext.Current.User.Identity.GetUserId();
if (userId != null)
{
var result = _authorizeService.CanManageUser(userId);
if (!result)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary{{ "controller", "Account" },
{ "action", "Login" }
});
}
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary{{ "controller", "Account" },
{ "action", "Login" }
});
}
base.OnActionExecuting(filterContext);
}
}
}
|
As you see in the above code, the OnActionExecuting method is
overridden because we want the code to execute before the action method
gets executed. Once the action filter is created, it can be used in
three ways:
- As Global filter
- As Controller
- As Action
By adding a filter to the global filter in
App_Start\FilterConfig it will be available globally to the entire application.
|
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
filters.Add(new AuthorizationPrivilegeFilter());
}
}
|
By adding a filter to a particular Controller it will also be available to the all actions of that particular controller.
|
[AuthorizationPrivilegeFilter]
public class HomeController : Controller
{
|
By adding a filter to a particular action it will be available to the particular action.
|
[AuthorizationPrivilegeFilter]
public ActionResult About()
{
|