ASP.NET MVC Filters
ASP.NET MVC provide filters to execute code logic before and after controller action execution. Pre-action and post-action behaviour are added to controller action method by filters. Custom filters creation depends on inheriting and overriding methods of ASP.NET MVC filter attribute class or by implementing filter interface.
Various type of filters :-
- Authorization filters :- This filter implements IAuthorizationFilter interface and when used with controller action makes security decision to execute action method if user is an authorized user else action method will not be executed. OnAuthorization is a method provided by IAuthorizationFilter. Examples of authorization filters are AuthorizeAttribute class and the RequireHttpsAttribute class.
- Action filters :- This filter implements IActionFilter interface. OnActionExecuting and OnActionExecuted are two methods provided by IActionFilter. OnActionExecuting is executed before action method while OnActionExecuted is executed after action method, it provides extra data to the action method, inspects the return value, or even cancels execution of the action method.
- Result filters :- This filter implements IResultFilter interface. OnResultExecuting and OnResultExecuted are two methods provided by IResultFilter. OnResultExecuting is executed before action method while OnResultExecuted is executed after action method. This filter can be used whenever a modification is required in action method result such as modifying the HTTP response. An Example of Result filter is OutputCacheAttribute class.
- Exception filters :- This filter implements IExceptionFilter interface.OnException are the method provided by Exception filter.Exception filter are executed whenever an exception is thrown by controller action. They are used for logging and displaying an error page.An Example of Exception filter is HandleErrorAttribute class.
- Authentication Filters :- This filter was introduced in ASP.NET MVC5. This filter implements IAuthenticationFilter interface for creating CustomAuthentication filter and when used with controller action makes security decision to execute action method if the claimed user can/cannot perform certain actions. OnAuthentication and OnAuthenticationChallenge are two methods provided by IAuthenticationFilter.
The order of ASP.NET MVC Filters execution are :-
- Authentication filters
- Authorization filters
- Action filters
- Result filters
- Exception filters
Configuration of custom filters in application at following three levels:-
protected void Application_Start()
{
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
}
Filter on top of controller applies to all the action methods within controller.
[Authorize(Roles="Admin")]
public class AdminController : Controller
{
//
}
public class StudentController : Controller
{
[Authorize(Users="Stu1,Stu2")]
public ActionResult Stu_Login(string provider)
{
// TODO:
return View();
}
}
0 Comment(s)