Filters in ASP.NET MVC Part-1

In this article we will talk about filters in asp.net mvc. This article divided in to 4 parts as:

  • a. What are filters in asp.net mvc.
  • b. Filter types
  • c. Order of execution
  • d. Authorization filter with example


Ok! Let’s start with filters……



  • A. What are filters in ASP.NET MVC:

    In some cases on developing any application in .net mvc we may face a requirement like we have to add some logic that should be called after the execution of action method or before the execution of action method.

    To deal with this kind of requirement, ASP.NET MVC provides a feature i.e. called filters.

    Filters executes as part of ASP.NET MVC request life cycle.


  • B. Filter Types

    ASP.NET MVC gives you inbuilt filters which are described below:

    1. Authorization filters: run before any other filter. This is responsible for security decisions whether to execute the method or not, performing authentication at controller level or action level. These implement IAuthorization filter interface.
    2. Action Filters: executes before or after any action method is executed. These implements IActionFilter interface i.e. having two methods onActionExecuting and onActionExecuted. OnActionExecuting runs before any action method is executed and onActionExecuted runs after an action method is executed. See an Example of OutPutCache Action Filter.
    3. Result Filters: filters executes before or after any action result object is executed. These implements IResultFilter interface i.e. having two methods onResultExecuting and onResultExecuted.OnResultExecuting runs before any action result object is executed and onResultExecuted runs after an action result object is executed.
    4. Exception Filters: executes when there is any unhandled exception is thrown during the code execution cycle. It implements IExceptionFilter and useful in logging and displaying errors or error page.

  • C. Order of execution:

    These filters executes in pre defined order as:
    1. Authorization filter
    2. Action Filter
    3. Result filter
    4. Exception Filter

  • D. Authorization filter with example:

    Let’s try to understand authorization filter step by step with example:

    1. Go to visual studio and create a new ASP.NET MVC application by going to File -> New -> Project and select ASP.NET MVC application and name it to Authfilterapp and click ok. For more detail description see Getting started with ASP.NET MVC.
    2. In next window choose empty template and view engine as Razor from dropdown. Click ok.
    3. You will be having solution explorer as below:

      Authorization-filter-in-aspnet-mvc-example

    4. Now let’s go ahead and create a controller name it HomeController by right clicking on Controllers folder -> ADD -> Controller. You will be having code file i.e.
                                  
      namespace Authfilterapp.Controllers
      {
          public class HomeController : Controller
          {
              public ActionResult Index()
              {
                  return View();
              }
          }
      }                           
                              
    5. Now delete this existing action method and write two action method name as Authorizemethod and Unauthorizemethod. For more details about ActionMethod see ASP.NET MVC Controller Action Method and Action Results
    6. Right click in Authorizemethod and add view for this action method. You can see your solution explorer with the following files under the view folder.

      authorization filters in aspnet mvc

    7. We will also add View for Unauthorizemethod Action methods.
    8. Now run your application and navigate to Authorizemethod & unauthorizedmethod. You will have access to both view.
    9. Now we will decorate Authorizemethod with Authorize attribute as below:
    10.                             
      namespace Authfilterapp.Controllers
      {
          public class HomeController : Controller
          {
              [Authorize]
              public ActionResult Authorizemethod()
              {
                  return View();
              }
      
              public ActionResult Unauthorizemethod()
              {
                  return View();
              }
          }
      }     
                                  
                              
    11. Now build the solution and try to access the Authorizemethod action. You will get below error page i.e. unauthorized access to page:

      unauthorize access to aspnet mvc view

    12. Now try to access Unauthorizemethod, you should be able to access it. As there is not Authorize filter associated with this Action method.

  • So actually Authorize attribute is security layer to MVC action methods to restric access by any anonymous users. We can apply similar to controller level also.

That is all for this, I hope you will be having basic idea of authorization filter and surely will come with the second part for this i.e. action filters.

Download source code

Speak your mind :
Leave a comment for this article on dotnetbloogers.com