ASP.NET Filters - Concepts | MSDN Documentation

ASP.NET Filters: Concepts

ASP.NET filters are a powerful mechanism for intercepting and processing requests and responses in your web application. They allow you to execute custom logic before a request reaches the controller action, after the controller action has executed but before the response is sent, or even after the response has been generated. This makes them ideal for implementing cross-cutting concerns such as authentication, authorization, logging, caching, and error handling.

Types of Filters

ASP.NET Core provides several built-in filter types, each designed for a specific stage in the request processing pipeline:

Authorization Filters: These filters execute first and are responsible for determining whether a user is authorized to execute the request. If authorization fails, the request pipeline is short-circuited, and no further filters or actions are executed.
Resource Filters: These filters execute before model binding and action execution. They are useful for tasks that need to run early in the pipeline, such as caching.
Action Filters: These filters execute just before and just after the controller action method is executed. They can modify the arguments passed to the action or the result returned by the action.
Result Filters: These filters execute just before and just after the action result is executed. They are useful for modifying the response before it's sent back to the client.
Exception Filters: These filters execute only when an unhandled exception occurs during the execution of the request. They can be used to log exceptions, return custom error responses, or even re-throw the exception.

Implementing Custom Filters

You can create custom filters by implementing the corresponding `IFilter` interface. Most commonly, you'll implement specific interfaces like `IAsyncAuthorizationFilter`, `IResourceFilter`, `IAsyncActionFilter`, `IAsyncResultFilter`, or `IExceptionFilter`.

Here's a basic example of an action filter that logs when an action starts and finishes:

                
                    using Microsoft.AspNetCore.Mvc.Filters;

                    using Microsoft.Extensions.Logging;

                    using System.Threading.Tasks;

                    public class LoggingActionFilter : IAsyncActionFilter

                    {

                        private readonly ILogger _logger;

                        public LoggingActionFilter(ILoggerFactory loggerFactory)

                        {

                            _logger = loggerFactory.CreateLogger();

                        }

                        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)

                        {

                            // Code to execute before the action method

                            _logger.LogInformation("Entering action method {ActionName}", context.ActionDescriptor.DisplayName);

                            // Execute the action method

                            var resultContext = await next()

                                .ConfigureAwait(false);

                            // Code to execute after the action method

                            _logger.LogInformation("Exiting action method {ActionName}", context.ActionDescriptor.DisplayName);

                        }

                    }

Applying Filters

Filters can be applied in several ways:

Globally: By adding them to the MVC options in the Startup.cs file.
Controller-level: By decorating the entire controller class with the filter attribute.
Action-level: By decorating specific action methods with the filter attribute.

Here's how you'd apply the custom filter to a specific action method:

                
                    using Microsoft.AspNetCore.Mvc;

                    public class HomeController : Controller

                    {

                        [HttpGet]

                        [LoggingActionFilter]

                        public IActionResult Index()

                        {

                            return View();

                        }

                    }

Note: Filters are executed in a specific order. Understanding this order is crucial for correct implementation, especially when dealing with multiple filters.

Filter Overriding and Ordering

When multiple filters are applied to an action or controller, their execution order is determined by their order in the pipeline and their `Order` property (if set). Filters are generally executed in this order:

Authorization Filters
Resource Filters
Action Filters (OnActionExecuting, then Action, then OnActionExecuted)
Result Filters (OnResultExecuting, then Result, then OnResultExecuted)
Exception Filters (only if an exception occurs)

You can control the order of execution for filters of the same type by implementing the IOrderedFilter interface and setting the Order property.

Built-in Filters

ASP.NET Core provides many useful built-in filters, including:

[Authorize] and [AllowAnonymous] for authorization.
[RouteData] and [ModelState] for accessing route data and model state.
[ValidateAntiForgeryToken] for security.
[ResponseCache] for caching responses.
[HandleException] for handling exceptions.

Filters are a fundamental building block for creating robust, maintainable, and scalable ASP.NET Core applications. By mastering their use, you can significantly enhance your application's functionality and streamline the development process for common tasks.

MSDN Documentation