Filters are .NET attributes that add extra steps to the request processing
pipeline. MVC Filters supports to perform logic, either before an action method
is called or after an action method runs. Attributes are special .NET classes
derived from System.Attribute.
Types of Filters:
The MVC Framework supports four different types of filters.
The framework includes default attribute classes that implement the filter interfaces. The Controller class implements each of the filter interfaces. We can implement filters for a specific controller by overriding the controller's On<Filter> method. We can implement the following On<Filter> methods in a controller:
Filter can create in the following ways:
Example:
Authorization Filters: Authorization filters run first before the
other kinds of filters and action method is invoked. This filter use to
authenticate user before executing action methods. Authorization filters
implement the IAuthorizationFilter interface
A Custom Authentication Filter:
The simplest way to create an authorization filter is to subclass the
AuthorizeAttribute class and overrides the AuthorizeCore method. This ensures
that we benefit from the features built in to AuthorizeAttribute.
By default AuthorizeCore gets called by both OnAuthorize and OnCacheAuthorization. This allows the authorization to be cached but still allow certain actions and to make the actual decisions about the authorization. If we need something from the AuthorizationContext then we can create a property to hold the information and then access that in the AuthorizeCore method.
AuthorizationContext Properties
Exception Filters: Exception filters are run only if an unhandled exception has been thrown when invoking an action method. The exception can come from another kind of, the action method itself and when the action result is executed.
Types of Filters:
The MVC Framework supports four different types of filters.
Filter Type
|
Interface
|
Default Implementation
|
Description
|
| Authorization |
IAuthorizationFilter |
AuthorizeAttribute |
Runs first, before any other filters or the action method |
| Action |
IActionFilter |
ActionFilterAttribute |
Runs before and after the action method |
| Result |
IResultFilter |
ActionFilterAttribute |
Runs before and after the action result is executed |
| Exception |
IExceptionFilter |
HandleErrorAttribute |
Runs only if another filter, the action method, or the action result throws
an exception |
The framework includes default attribute classes that implement the filter interfaces. The Controller class implements each of the filter interfaces. We can implement filters for a specific controller by overriding the controller's On<Filter> method. We can implement the following On<Filter> methods in a controller:
- OnAuthorization
- OnException
- OnActionExecuting
- OnActionExecuted
- OnResultExecuting
- OnResultExecuted
Filters
run in the following sequence:
- Authorization filters
- Action filters
- Result filters
- Exception filters
Filter can create in the following ways:
- Override one or more of the controller's On<Filter> methods.
- Create an attribute class that derives from FilterAttribute and apply the attribute to a controller or an action method.
- Register a filter with the filter provider (the FilterProviders class).
- Register a global filter using the GlobalFilterCollection class.
Example:
[Authorize] // controller level attribute/filter - applies to all
actions
public partial class AccountController
: Controller
{
[OutputCache(Duration = 60)] // applies to this action
[HeaderType]
// applies to this action
[HttpGet]
public ActionResult
GetAccountHeader()
{
}
}
public interface IAuthorizationFilter
{
void OnAuthorization(AuthorizationContext
filterContext);
}
Example:
public class DemoAuthAttribute : AuthorizeAttribute
{
private string[]
_roles;
public DemoAuthAttribute(params
string[] roles)
{
_roles = roles;
}
protected override bool AuthorizeCore(HttpContextBase
httpContext)
{
return httpContext.Request.IsAuthenticated &&
httpContext.User.IsRole(_roles);
}
public override void OnAuthorization(AuthorizationContext filterContext)
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new
ArgumentNullException("filterContext");
}
if (AuthorizeCore(filterContext.HttpContext))
{
// your custom logic here
string text = string.Format("<u><h5>Auth
successfull.....</h5></u></br>");
filterContext.HttpContext.Response.Write(text);
}
else
{
// RedirectResult, etc.
string text = string.Format("<u><h5>Auth
unsuccessfull.....</h5></u></br>");
filterContext.HttpContext.Response.Write(text);
}
}
}
By default AuthorizeCore gets called by both OnAuthorize and OnCacheAuthorization. This allows the authorization to be cached but still allow certain actions and to make the actual decisions about the authorization. If we need something from the AuthorizationContext then we can create a property to hold the information and then access that in the AuthorizeCore method.
| Name |
Type |
Description |
| ActionDescriptor |
ActionDescriptor |
Provides details of the action method |
| Result |
ActionResult |
The result for the action method; a filter can cancel the request by
setting this property to a non-null value |
Exception Filters: Exception filters are run only if an unhandled exception has been thrown when invoking an action method. The exception can come from another kind of, the action method itself and when the action result is executed.
public interface IExceptionFilter
{
void OnException(ExceptionContext
filterContext);
}
| Name |
Type |
Description |
| ActionDescriptor |
ActionDescriptor |
Provides details of the action method |
| Result |
ActionResult |
The result for the action method; a filter can cancel the request by
setting this property to a non-null value |
| Exception |
Exception |
The unhandled exception |
| ExceptionHandled |
bool |
Returns true if another filter has marked the exception as handled |
Example:
public class MyExceptionAttribute : FilterAttribute,
IExceptionFilter
{
public void
OnException(ExceptionContext filterContext)
{
if (!filterContext.ExceptionHandled &&
filterContext.Exception is NullReferenceException)
{
filterContext.Result = new RedirectResult("/ErrorPage.html");
filterContext.ExceptionHandled = true;
}
}
}
[MyException]
public ActionResult
Index() {
}
Action and Result Filters: Action and
result filters follows similar pattern and runs before and after the action
method/result. ActionFilterAttribute class implements both IActionFilter and
IResultFilter.
public interface IActionFilter
{
void OnActionExecuting(ActionExecutingContext
filterContext);
void OnActionExecuted(ActionExecutedContext
filterContext);
}
public interface IResultFilter
{
void OnResultExecuted(ResultExecutedContext
filterContext);
void OnResultExecuting(ResultExecutingContext
filterContext);
}
OnActionExecuting:
The OnActionExecuting method run before the action method is
invoked. We can modify/cancel the request or do some activity.
OnActionExecuted: This
filter use to perform some activity after execution of the action method.
ActionExecutingContext is a Subclass of ControllerContext which is
passing as parameter in the method.
ActionExecutingContext defines following
properties which are described below.
| Name |
Type |
Description |
| ActionDescriptor |
ActionDescriptor |
Provides details of the action method |
| Result |
ActionResult |
The result for the action method; a filter can cancel the request by
setting this property to a non-null value |
| Canceled |
Bool |
Returns true if the action has been canceled by another filter |
| Exception |
Exception |
The unhandled exception |
| ExceptionHandled |
bool |
Returns true if another filter has marked the exception as handled |
Example:
public class ExecutionTimeAttribute : FilterAttribute,
IActionFilter
{
private Stopwatch
timer;
public void
OnActionExecuting(ActionExecutingContext
filterContext)
{
timer = Stopwatch.StartNew();
}
public void
OnActionExecuted(ActionExecutedContext
filterContext)
{
timer.Stop();
if (filterContext.Exception == null)
{
filterContext.HttpContext.Response.Write(
string.Format("Action
method execution time: {0}", timer.Elapsed.TotalSeconds));
}
}
}
OnResultExecuting:
The OnResultExecuting method is invoked once the action method has returned an
action result, but before the action result is executed.
OnResultExecuted:
The OnResultExecuted method is invoked after the action result is executed.
The
parameters to these methods are ResultExecutingContext and
ResultExecutedContext objects, respectively, and they are very similar to their
action filter counterparts.
Example:
public class ExecutionTimeResultAttribute : FilterAttribute, IResultFilter
{
private Stopwatch
timer;
public void
OnResultExecuting(ResultExecutingContext
filterContext)
{
timer = Stopwatch.StartNew();
}
public void
OnResultExecuted(ResultExecutedContext
filterContext)
{
timer.Stop();
filterContext.HttpContext.Response.Write(
string.Format("Result execution - elapsed time: {0}",
timer.Elapsed.TotalSeconds));
}
}
[ExecutionTime]
[ExecutionTimeResult]
public ActionResult
Index()
{
return View();
}
Override Filters in a Controller: Create a controller class that implements filter
interfaces and can use as base controller so that other controller can use
functionality across application. Through this we can put code that is required
across the application in one reusable location.
Example:
public class BaseController : Controller
{
protected override void OnActionExecuting(ActionExecutingContext
filterContext)
{
//write your logic here
}
protected override void OnActionExecuted(ActionExecutedContext
filterContext)
{
//write your logic here
}
protected override void OnResultExecuting(ResultExecutingContext
filterContext)
{
//write your logic here
}
protected override void OnResultExecuted(ResultExecutedContext
filterContext)
{
//write your logic here
}
}
Global Filter:
Global filters are a way of applying filters in all action methods in
application. The advantage of this is we no longer need to apply attribute s on
every controller or action methods.
We
can make a regular filter into a global filter through the
RegisterGlobalFilters method in Global.asax. The RegisterGlobalFilters method
is called from the Application_Start method, which ensures that the filters are
registered when your MVC application starts.
Example:
public static void RegisterGlobalFilters(GlobalFilterCollection
filters)
{
filters.Add(new ExecutionTimeResultAttribute());
filters.Add(new MyExceptionAttribute());
}
Filter Scope and Order:
The
Scope enumeration value specifies the order for filters. This enumeration
defines the following filter scope:
Name
|
Description
|
First
|
Specifies first.
|
Global
|
Specifies an order before Controller and after First.
|
Controller
|
Specifies an order before Action and after Global.
|
Action
|
Specifies an order before Last and after Controller.
|
Last
|
Specifies last.
|
We
can also take control execution order of filter to specify order if scope is
same.
For
example, an OnActionExecuting(ActionExecutingContext) filter that has the Order
property set to zero and filter
scope set to First runs before an
action filter that has the Order property set to zero and filter scope set to Action.
Because exception filters run in reverse order, an exception filter that has
the Order property set to zero and
filter scope set to First runs after
an action filter that has the Order property set to zero and filter scope set to Action.
The
execution order of filters that have the same type, order, and scope is
undefined.
The
OnActionExecuting(ActionExecutingContext),
OnResultExecuting(ResultExecutingContext), and
OnAuthorization(AuthorizationContext) filters run in forward order. The
OnActionExecuted(ActionExecutedContext),
OnResultExecuting(ResultExecutingContext), and OnException(ExceptionContext)
filters run in reverse order.
If
we don’t specify a value for the Order property, it is assigned a default value
of -1. This means that if you mix filters so that some have Order values and
others don’t, the ones without these values will be executed first, since they
have the lowest Order value.
Example:
// AttributeTargets : Attribute can be applied to a method and
class.
// AllowMultiple : True if
more than one instance is allowed to be specified;
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,
AllowMultiple = true)]
public class SampleAttribute : FilterAttribute,
IActionFilter
{
public string
ExecutionOrder { get; set;
}
public void
OnActionExecuting(ActionExecutingContext
filterContext)
{
filterContext.HttpContext.Response.Write(ExecutionOrder);
}
public void
OnActionExecuted(ActionExecutedContext
filterContext)
{
filterContext.HttpContext.Response.Write(ExecutionOrder);
}
}
public static void RegisterGlobalFilters(GlobalFilterCollection
filters)
{
filters.Add(new SampleAttribute()
{ Message = "Global", Order = 1
});
}
[Sample(Message
= "Controller", Order = 1)]
public class DemoController : Controller
{
[Sample(Message = "Action",
Order = 1)]
[Sample(Message = "Action2",
Order = 2)]
public ActionResult
Index()
{
Response.Write("Action method");
return View();
}
}
Order
of execution for OnActionExecuting would be:
Global => Contoller => Action
=> Action2 => Action method
Order
of execution for OnActionExecuted would be:
Action method => Action2 => Action => Contoller => Global
It's important to note here that
"Controller" scope means "filters applied at the controller
level"; the controller itself is also a filter which always runs first
(that is, its order is Int32.MinValue and Scope is First). The execution order
of filters with the same order and scope is undefined.
Canceling Filter Execution:
We can cancel filter execution in the OnActionExecuting
and OnResultExecuting methods by
setting the Result property to a non-null
value. Any pending OnActionExecuted and OnActionExecuting filters will not be
invoked and the invoker will not call the OnActionExecuted method for the
canceled filter or for pending filters. The OnActionExecuted filter for
previously run filters will run. All of the OnResultExecutingand
OnResultExecuted filters will run.
Example:
if
(filterContext.RouteData.Values.ContainsValue("Cancel"))
{
filterContext.Result = new RedirectResult("~/Home/Index");
}
Other important built-in filters:
OutputCache:
The OutputCache filter tells the MVC Framework to cache the output from an
action method so that the same content can be reused to service subsequent
requests for the same URL. There is number of parameters in OutputCache filter
to manage caching.
Example:
[OutputCache(Duration
= 30)]
public ActionResult
About()
{
return View();
}
RequireHttps:
The RequireHttps filter helps to force the client to access a particular action
to be accessed over HTTPS channel. If the action is not accessed over HTTPS
then the filter redirect the user to access the same over HTTPS. The important
thing is this filter works only for the GET requests.
Example:
[RequireHttps]
public ActionResult
Login(string name, string
password)
{
}
ChildActionOnly:
A child action method renders inline HTML markup for part of a view instead of
rendering a whole view. Child actions cannot be called directly called from the
browser. Any method that is marked with ChildActionOnlyAttribute can be called
only with the Action or RenderAction HTML extension methods.
Example:
[ChildActionOnly]
public ViewResult
Header()
{
string ="This is
header";
return PartialView(header);
}
@Html.Action("Header")
