Menu
What's the difference between using a MessageHandler vs a Filter to check for an API key in the request header for an MVC web api project.
I see that there is a well outlined example of a MessageHandler for just that purpose in http://www.asp.net/web-api/overview/working-with-http/http-message-handlers
e.g.
GlobalConfiguration.Configuration.MessageHandlers.Add(new ApiKeyHandler());
But it looks like I can do the same thing using a filter as well.
GlobalConfiguration.Configuration.Filters.Add(new ApiKeyFilter());
Assuming ApiKeyFilter and ApiKeyHandler both just look at the request header and check for an api key, Which way is more efficient? What's the difference?
309
MessageHandlers run much earlier than filters.
the order is:
-MessageHandler
-Authorization filter
-Model binding
-Other filters
Security related stuff should run as early as possible.
92
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
