Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Difference between IActionFilter and IAuthorizationFilter

I am just wondering if there are any difference between IActionFilter and IAuthorizationFilter ?

I assume that we can implement the same logic under IActionFilter that probably has IAuthorizationFilter ... Is that true?

Thanks!

like image 369
Friend Avatar asked Oct 08 '13 13:10

Friend


3 Answers

As per question ,yes we can implement the same logic in both IActionFilter and IAuthorizationFilter. but the only execution order differs.

The ASP.NET MVC framework supports four different types of filters:

    Authorization – Implements  IAuthorizationFilter Attribute.
    Action        – Implements IActionFilter Attribute.
    Result        – Implements  IResultFilter Attribute.
    Exception     – Implements  IExceptionFilter Attribute.

Note: Filters are executed in the order listed above.

authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

Authorization filters are used to implement authentication and authorization for controller actions. For example, the Authorize filter is an example of an Authorization filter.

Action filters contain logic that is executed before and after a controller action executes. You can use an action filter, for instance, to modify the view data that a controller action returns.

Result filters contain logic that is executed before and after a view result is executed. For example, you might want to modify a view result right before the view is rendered to the browser.

Exception filters are the last type of filter to run. You can use an exception filter to handle errors raised by either your controller actions or controller action results. You also can use exception filters to log errors.

Each different type of filter is executed in a particular order. If you want to control the order in which filters of the same type are executed then you can set a filter's Order property.

Note: The base class for all action filters is the System.Web.Mvc.FilterAttribute class.

like image 51
joshua Avatar answered Oct 19 '22 00:10

joshua


Authorization filters run very early in the action pipeline. They are good for example to escape from the action pipeline when conditions are not met. (Sample MVC framework attributes that use it are [Authorize], [RequireHttps])

Action filters executes after Authorization filters, and it can participate in in pre and post processing of actions.

like image 24
A Khudairy Avatar answered Oct 18 '22 22:10

A Khudairy


Yes you can implement an authentication filter with an action filter. From here:

You can use action filters for logging, authentication, output caching, or other tasks.

I'm afraid I don't know why there exists a difference other than IAuthorizationFilter is a simpler interface with it's one method, it also has fewer properties on it's Context.

like image 1
user2586804 Avatar answered Oct 19 '22 00:10

user2586804