Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IAuthenticationFilter equivalent in MVC6

I'm moving a Web Api 2 project to MVC 6, since Microsoft is merging the two APIs in ASP.NET 5. In my WebApi project I had a custom Attribute Filter class that would authenticate, authorize and prevent transaction replays using a combination of public key, private key and HMAC authentication (basically, doing this with some tweaks to fit into my project).

Now in MVC6, as far as I understand I must stop using anything in the Microsoft.Web.Http namespace and instead use Microsoft.AspNet.Mvc. So I have done that, but the Microsoft.AspNet.Mvc.Filters doesn't seem to have any equivalent of Web Api 2's IAuthenticationFilter.

This is a problem for me because my customer AuthenticationFilter implemented all of IAuthenticationFilter, with all the logic in there. More importantly, it was using the Context to temporarily store the public key of the account, so my controller could access it to load up the account in turn.

So my question is, what is the proper way to filter requests in MVC6, using an Authentication Filter-like class to intercept the requests and return the appropriate status codes? I can't find any article that goes specifically in these details (they all tend to cover MVC5).

like image 415
Astaar Avatar asked Jul 27 '15 08:07

Astaar


People also ask

What is ActionExecutingContext?

ActionExecutingContext(ControllerContext, ActionDescriptor, IDictionary<String,Object>) Initializes a new instance of the ActionExecutingContext class by using the specified controller context, action descriptor, and action-method parameters.

What is ServiceFilter?

A ServiceFilter retrieves an instance of the filter from DI. Using ServiceFilter without registering the filter type results in an exception. TypeFilterAttribute is very similar to ServiceFilterAttribute (and also implements IFilterFactory), but its type is not resolved directly from the DI container.

How do I create a custom authentication filter in Web API?

Setting an Authentication Filter To apply an authentication filter to a controller, decorate the controller class with the filter attribute. The following code sets the [IdentityBasicAuthentication] filter on a controller class, which enables Basic Authentication for all of the controller's actions.


1 Answers

I know it's an older question, but hopefully someone (maybe even yourself) might find value in the answer.

MVC6 does in fact have an alternative. You have an

public abstract class AuthorizationFilterAttribute :
    Attribute, IAsyncAuthorizationFilter, IAuthorizationFilter, IOrderedFilter

which basically tells you, that you can create your custom class, derive it from this (namespace of all of these interfaces, btw, is Microsoft.AspNet.Mvc.Filters and that should be it. You can either decorate the action with it, or you can do this in Startup.cs, to apply to all actions:

 public void ConfigureServices(IServiceCollection services)
    {
        // Add MVC services to the services container.
        services.AddMvc(options =>
        {
            // add an instance of the filter, like we used to do it
            options.Filters.Add(new MySpecialFilter());
        });

        services.AddTransient<LogFilter>();
    }

If you want to use a bit more logic in the filter (e.g. my LogFilter above) which is instantiated through DI, you need to use either Service Filters or Type Filters.

You can now decorate the actions with [ServiceFilter(typeof(LogFilter))] or use o.Filters.Add(new ServiceFilterAttribute(typeof(LogFilter))); in the Startup.cs file. But keep in mind, to do this you need to register the type with the DI container, like I did above with the .AddTransient<>() call.

like image 113
Anže Vodovnik Avatar answered Oct 11 '22 19:10

Anže Vodovnik