Difference between IActionFilter and IAuthorizationFilter

Question

I am just wondering if there are any difference between IActionFilter and IAuthorizationFilter ?

I assume that we can implement the same logic under IActionFilter that probably has IAuthorizationFilter ... Is that true?

Thanks!

Answer 1

As per question ,yes we can implement the same logic in both IActionFilter and IAuthorizationFilter. but the only execution order differs.

The ASP.NET MVC framework supports four different types of filters:

    Authorization – Implements  IAuthorizationFilter Attribute.
    Action        – Implements IActionFilter Attribute.
    Result        – Implements  IResultFilter Attribute.
    Exception     – Implements  IExceptionFilter Attribute.

Note: Filters are executed in the order listed above.

authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

Authorization filters are used to implement authentication and authorization for controller actions. For example, the Authorize filter is an example of an Authorization filter.

Action filters contain logic that is executed before and after a controller action executes. You can use an action filter, for instance, to modify the view data that a controller action returns.

Result filters contain logic that is executed before and after a view result is executed. For example, you might want to modify a view result right before the view is rendered to the browser.

Exception filters are the last type of filter to run. You can use an exception filter to handle errors raised by either your controller actions or controller action results. You also can use exception filters to log errors.

Each different type of filter is executed in a particular order. If you want to control the order in which filters of the same type are executed then you can set a filter's Order property.

Note: The base class for all action filters is the System.Web.Mvc.FilterAttribute class.

Answer 2

Authorization filters run very early in the action pipeline. They are good for example to escape from the action pipeline when conditions are not met. (Sample MVC framework attributes that use it are [Authorize], [RequireHttps])

Action filters executes after Authorization filters, and it can participate in in pre and post processing of actions.

Answer 3

Yes you can implement an authentication filter with an action filter. From here:

You can use action filters for logging, authentication, output caching, or other tasks.

I'm afraid I don't know why there exists a difference other than IAuthorizationFilter is a simpler interface with it's one method, it also has fewer properties on it's Context.