Filters in ASP.NET MVC 5.0: Part 12

Before reading this article, I highly recommend reading the previous part of the series on ASP.NET:

ASP.NET MVC Filters are used to inject extra logic at the different levels of MVC Framework request processing. Filters provide a way for cross cutting concern (logging, authorization, and caching).

In this article, I will show you the different categories of filters that the MVC Framework supports, how to control their execution, and how to create and use filters. We can create our own custom filters. In every request, your action method in controller will have to check if the user was right or authorized to perform the action and view its result.

The ASP.NET MVC Framework supports four different types of filters. Authentication Filters are introduced with ASP.NET MVC 5. Each allows you to introduce logic at different points during request processing.

Filter TypeInterface Description
Authentication IAuthenticationFilter These are Runs, before any other filters or the action method.
Authorization IAuthorizationFilter These Runs first, before any other filters or the action method.
Action IActionFilter These Runs before and after the action method.
Result IResultFilter Runs before and after the action result is executed.
Exception IExceptionFilter Runs only if another filter, the action method, or the action resultthrows an exception.

Types of Filters in ASP.NET MVC and their Sequence of Execution

There are five types of Filters in ASP.NET MVC 5:

  1. Authentication Filters:

    Authentication filter runs before any other filter or action method. Authentication confirms that you are a valid or invalid user. Action filters implements the IAuthenticationFilter interface. 

  2. Authorization Filters:

    The AuthorizeAttribute and RequireHttpsAttribute are the examples of Authorization Filters. Authorization Filters are responsible for checking User Access; these implement the IAuthorizationFilterinterface in the framework. These filters used to implement authentication and authorization for controller actions. For example, the Authorize filter is an example of an Authorization filter.

  3. Action Filters:

    Action Filter is an attribute that you can apply to a controller action or an entire controller. This filter will be called before and after the action starts executing and after the action has executed.

    Action filters implement the IActionFilter interface that have two methods OnActionExecuting andOnActionExecuted. OnActionExecuting runs before the Action and gives an opportunity to cancel the Action call. These filters contain logic that is executed before and after a controller action executes, you can use an action filter, for instance, to modify the view data that a controller action returns.

  4. Result Filters:

    The OutputCacheAttribute class is an example of Result Filters. These implement the IResultFilter interface which like the IActionFilter has OnResultExecuting and OnResultExecuted. These filters contains logic that is executed before and after a view result is executed. Like if you want to modify a view result right before the view is rendered to the browser.

  5. ExceptionFilters:

    The HandleErrorAttribute class is an example of ExceptionFilters. These implement the IExceptionFilter interface and they execute if there are any unhandled exceptions thrown during the execution pipeline. These filters can be used as an exception filter to handle errors raised by either your controller actions or controller action results.
You can override the methods in your controller class if you want.

table

Creating a new custom Authentication Filter with ASP.NET MVC 5:


Note:

The ActionFilterAttribute class implements both the IActionFilter and IResultFilter interfaces. This class is abstract, which forces you to provide an implementation. The other classes, Authorize Attribute and HandleErrorAttribute, contain useful features and can be used without creating a derived class.

I’m going to use a custom Authentication filter to set the new principal for the current request, a custom authentication filter that will simply redirect the user back to the login page if they're not authenticated.

new

Choose MVC, and click on “OK” button.

mvc

To create an Authentication filter, you must implement the IAuthenticationFilter. I need to create a new folder. Right click on to your project and add a new folder.

add

I named this folder “AuthData”. I need to add a class inside this folder. So right click on to this folder and add a class.

class

I have given “AuthAttribute” name to my class.

Click on to “Add” button.

class

Here, we have derived the AuthAttributeclass from theActionFilterAttribute,IAuthenticationFilter class. I need to resolve it from the “ActionFiltersinMVC.AuthData”namespace.

public class AuthAttribute : ActionFilterAttribute, IAuthenticationFilter

attribute

You can see the following screenshot:

attribute

The IAuthenticationFilter interface defines two methods: OnAuthentication and OnAuthenhenticationChallenge. The OnAuthentication method is executed first and can be used to perform any needed authentication. The OnAuthenticationChallengemethod is used to restrict access based upon the authenticated user's principal.

ResloveActionFilterAttribute and IAuthenticationFilter form the “using System.Web.MVC.Filters;” namespace.
  1. namespace ActionFiltersinMVC.AuthData  
  2. {  
  3.     public class AuthAttribute: ActionFilterAttribute,  
  4.     IAuthenticationFilter  
  5.     {  
  6.   
  7.         public void OnAuthentication(AuthenticationContextfilterContext)  
  8.         {  
  9.             //Logic for authenticating a user  
  10.         }  
  11.   
  12.         //Runs after the OnAuthentication method  
  13.         public void OnAuthenticationChallenge(AuthenticationChallengeContextfilterContext)  
  14.         {  
  15.             //TODO: Additional tasks on the request  
  16.         }  
  17.     }  
  18. }  
filter

In OnAuthentication, I write a code for the user authentication and in OnAuthenticationChallenge, I write some code for the other tasks.

code

You can now test out the AuthAttribute by applying it to the HomeController class. Open up the HomeController class file, then add using statement for your AuthData namespace:

home controller

Here is my Login page, go for the new user registration.
login

I have used my email address to create a new password, and clicked  on to “Register” button.
register

You can see, I’m logged in with my email.
mail

You can also manage your account setting as in the following screenshot:
manage

Authorization Filter:

These filters enforce you authorization policy ensuring that action methods can invoked only by an approved users. These filters are the filters that run before the action method is invoked. These filters implement the IAuthorizationFilter interface,
  1. namespace sytem.Web.MVC  
  2. {  
  3.     Public interface IAuthorizationFilter  
  4.     {  
  5.         Void OnAutorization(AuthorizationContextfilterContext);  
  6.     }  
  7. }  
For the Authorization, let’s make some changes in the “AuthAttribute” class.

This “AuthAttribute” class should inherit by “AuthorizeAttribute” classes. For using the AuthorizeAttribute” class, we need to add the namespace:
 
using System.Web.Mvc; .
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.Mvc;  
  6.   
  7. namespace ActionFiltersinMVC.AuthData  
  8. {  
  9.     public class AuthAttribute: AuthorizeAttribute {}  
  10. }  

auth

We override the AuthorizeCore(HttpContextBasehttpContext) method, this ensure that I benefit from the feature build in Authorize attribute.

The constructor of the filter AuthAttribute (boolallowedParam), takes the bool value indicating whether local requests are permitted by taking advantage of the building feature of authorization attribute base class, I only have to focus the authorization logic and return true from the authorize core method.
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.Mvc;  
  6.   
  7. namespace ActionFiltersinMVC.AuthData  
  8. {  
  9.     public classAuthAttribute: AuthorizeAttribute  
  10.     {  
  11.         private bool localAllowed;  
  12.         public AuthAttribute(boolallowedParam)  
  13.         {  
  14.             localAllowed = allowedParam;  
  15.         }  
  16.         protected overrideboolAuthorizeCore(HttpContextBasehttpContext)  
  17.         {  
  18.             if (httpContext.Request.IsLocal)   
  19.             {  
  20.                 return localAllowed;  
  21.             } else  
  22.             {  
  23.                 return true;  
  24.             }  
  25.         }  
  26.     }  
  27. }  

auth

Now open the “Home Controller” and apply some code, In this I have applied the Authorize attribute filterover the Index() method. For using the [AuthorizeAttribute] we need to add the namespace “using ActionFiltersinMVC.AuthData;”.
  1. using ActionFiltersinMVC.AuthData;  
  2. public class HomeController: Controller  
  3. {  
  4.         [AuthorizeAttribute]  
  5.         public ActionResult Index()  
  6.         {  
  7.             return View();  
  8.         }  
homecoontroller

And in About action method, we simply print a message.
  1. using ActionFiltersinMVC.AuthData;  
  2. using System;  
  3. using System.Collections.Generic;  
  4. using System.Linq;  
  5. using System.Web;  
  6. using System.Web.Mvc;  
  7.   
  8. namespace ActionFiltersinMVC.Controllers   
  9. {  
  10.     public class HomeController: Controller  
  11.     {  
  12.         [AuthorizeAttribute]  
  13.         public ActionResult Index()  
  14.         {  
  15.             return View();  
  16.         }  
  17.         public ActionResult About()  
  18.         {  
  19.             ViewBag.Message = "Hello...Nitin";  
  20.             return View();  
  21.         }  
  22.     }  
  23. }  
Here is the screenshot of Controller:

controller

Now save the project and run the project by pressing F5. You’ll redirect on to the Log in page.

Enter the Email and password to login to the account; I have registered myself in Authentication filters part, so there is no need for the new registration.

log in

Click on to “Log in” button.

login

After log in, you will be redirected on to the home page.

home

I’m going to use Authorize filter, if I’m using Authorize attribute, only authenticating users can access About() method.
  1. using ActionFiltersinMVC.AuthData;  
  2. using System;  
  3. using System.Collections.Generic;  
  4. using System.Linq;  
  5. using System.Web;  
  6. using System.Web.Mvc;  
  7.   
  8. namespace ActionFiltersinMVC.Controllers  
  9. {  
  10.     public class HomeController: Controller  
  11.     {  
  12.         //[AuthorizeAttribute]  
  13.         public ActionResult Index()  
  14.         {   
  15.             return View();  
  16.         }  
  17.   
  18.         [Authorize]  
  19.         public ActionResult About()  
  20.         {  
  21.             ViewBag.Message = "Hello...Nitin";  
  22.             return View();  
  23.         }  
  24.     }  
Now build the application and run it and try to access the about page, here you can see if I login to About page
 
You can see About page:

about


Here in the below screenshot, I have accessed the About action method.

about

You can specify users, which are only able to see the About page as in the following screenshot.

Here I pass two email ids, for the authorized users.

authorize

Now, create a new user, it must be new user and create a password for the new user.

Click on to “Register” button.

register

You can see it’s automatically logged in to the application,

login

Now I’m trying to access “About” page.

about

So, we are unable to access “About” page because you have to authorize  access to the about page by only two id, which are authorized for the About action.

log in

Action Filters: There are the following action filters,
  • Output Cache: This action filter caches the output of a controller action.
  • Handle Error: This action filter handles errors raised when a controller action executes.
  • Authorize: This action filter enables you to restrict access to a particular user or role.
Output Cache:

Example: Specifies the return value to be cached for 5 seconds.
  1. public class ActionFilterDemoController: Controller  
  2. {  
  3.     [HttpGet]  
  4.     [OutputCache(Duration = 5)]  
  5.     public string Index()  
  6.     {  
  7.         return DateTime.Now.ToString("T");  
  8.     }  
  9. }  

filter

output

Handle Error:

If any error occurs during the action execution, it will find a view named Error in the Views folder and render that page to the user

Example:

Redirect application to a custom error page when an error is triggered by controller
  1. [HandleError]  
  2. public class ActionFilterDemoController: Controller  
  3. {  
  4.     public ActionResult Index()   
  5.     {  
  6.         throw new NullReferenceException();  
  7.     }  
  8.     public ActionResult About()  
  9.     {  
  10.         return View();  
  11.     }  
  12. }  
Authorize:

Example: Allowing only authorized users to log in the application.
  1. public class ActionFilterDemoController: Controller  
  2. {  
  3.     [Authorize]  
  4.     public ActionResult Index()  
  5.     {  
  6.             ViewBag.Message = "This can be viewed only by authenticated users only";  
  7.             return View();  
  8.         }  
  9.         [Authorize(Users = "[email protected]")]  
  10.     public ActionResultMyIndex()  
  11.     {  
  12.         ViewBag.Message = "Only Nitin Pandit can view";  
  13.         return View();  
  14.     }  
  15. }  
Result Filters: 

Result filters are executed before or after generating the result for an action. The Action Result type can be ViewResult, PartialViewResult, RedirectToRouteResult, which derives from the ActionResult class.

Example:
  1.  public interface IResultFilter  
  2. {  
  3. void OnResultExecuted(ResultExecutedContextfilterContext);  
  4. void OnResultExecuting(ResultExecutingContextfilterContext);  
Exception Filters:

Exception filters are run only if an unhandled exception has been thrown when invoking an action method. Exception may be for the following reasons:
  • Action method itself.
  • When the Action result is executed.
  • Another kind of filter.
Example:
  1. Public interface IExceptionFilter  
  2. {  
  3. void OnException(ExceptionContextfilterContext);  
First, you need to create a RangeError.html page file within the “Content” folder in our application; we will use this file to display a simple message.

html

Give the name to page, and click on to “OK” button.

item

Here's the screenshot:

error

Here, we have derived the AuthAttribute class from the FilterAttribute class, in addition to implementing the IExceptionFilter. For using the FilterAttribute and IExceptionFilter you need to use “using System.Web.Mvc;”name space in your MVC Application.

This exception filter is handling the instance by redirecting the user browser to a file called RangError.html in the content folder, In the ExceptionHandled method we checked the exception is not properly handled and Exception type is ArgumentOutOfRangeException then,
  1. filterContext.Result = new RedirectResult("~/Content/RangeError.html");  
  2. filterContext.ExceptionHandled = true;   
Page will be redirect to a custom error page which we have created in RangeError.html page in content folder.
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.Mvc;  
  6.   
  7. namespace ActionFiltersinMVC.AuthData   
  8. {  
  9.     public class AuthAttribute: FilterAttribute,  
  10.     IExceptionFilter  
  11.     {  
  12.         public void OnException(ExceptionContextfilterContext)  
  13.         {  
  14.             if (!filterContext.ExceptionHandled && filterContext.ExceptionisArgumentOutOfRangeException) {  
  15.                 filterContext.Result = newRedirectResult("~/Content/RangeErrorPage.html");  
  16.                 filterContext.ExceptionHandled = true;  
  17.             }  
  18.   
  19.         }  
  20.     }  
  21.   
  22. }  

attribute

In the home controller I have written down a method TestRange, this method throws ArgumentOutOfRangeException.

controller

Now, I am going to run the application, we can see the default exception handling.

output

Thanks for reading this article and stay tuned for the next articles where you will learn a lot about ASP.NET MVC 5.0.

Connect(“Nitin Pandit);
 
Read more articles on ASP.NET:

Up Next
    Ebook Download
    View all
    Learn
    View all