Filters In Asp.Net MVC (Part-1)

Filters In MVC : 
In ASP.NET MVC any Filter is a class where you can write custom logic to execute before or after an action method executes. Filters can be applied to an action method or controller. Custom filter class can be created by implementing FilterAttribute class and corresponding interface.

Many times we would like to perform some action before or after a particular operation. For achieving this functionality, ASP.NET MVC provides feature to add pre and post action behaviors on controller's action methods.

MVC provides different types of filters. The following table list filter types, built-in filters for the type and interface which must be implemented to create a custom filter class.

1. Authorization Filters: Performs authentication and authorizes before executing action method. 

§  Interface: IAuthorizationFilter

§Built-in Authorization Filter:[Authorize],[RequireHttps],[ChildActionOnly]

2. Action Filters:  Performs some operation before and after an action method executes.

§  Interface: IActionFilter

3. Result Filters: Performs some operation before or after the execution of view result.

§  Interface: IResultFilter

§  Built-in Authorization Filter: [OutputCache]

4. Exception Filters:  Performs some operation if there is an unhandled exception thrown during the execution.

§  Interface: IExceptionFilter

§  Built-in Authorization Filter: [HandleError]

Order of Filter Execution:

MVC includes different types of filters and multiple filters can be applied to a single controller class or action method. So, filters run in the following order.

1. Authorization filters
2. Action filters
3. Result filters
4. Exception filters

Applying Filters : Filters can be applied at following three levels.

1. Global Level:
You can apply filters at global level in the Application_Start event of Global.asax.cs file by using default FilterConfig.RegisterGlobalFilters() mehtod. Global filters will be applied to all the controller and action methods of an application.

The [HandleError] filter is applied globaly in MVC Application by default in every MVC application created using Visual Studio as shown below:

§  Inside FilterConfig.cs located in App_Start folder :

public class FilterConfig

{

    public static void RegisterGlobalFilters(GlobalFilterCollection filters)

    {

        filters.Add(new HandleErrorAttribute());

    }

}

§  Inside Global.asax.cs file :

public class MvcApplication : System.Web.HttpApplication

{

    protected void Application_Start()

    {

        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

    }

}

2. Controller level:

Filters can also be applied to the controller level. So, filters will be applicable to all the action methods present inside Controller class if it is applied to a controller class. For e.g.

[HandleError]

public class HomeController : Controller

{

    public ActionResult Index()

    {

        return View();

    }

}

3. Action method level:
You can apply filters to an individual action method also. So, filter will be applicable to that particular action method only. For e.g.

public class HomeController : Controller

{

    [HandleError]

    public ActionResult Index()

    {

        return View();

    }

}

  Now for working with [HandleError] attribute properly we need the custom error setting inside the “Web.config” under “System.web” i.e.

<customErrors mode="On" />

In the above example, we have applied [HandleError] attribute to HomeController. So now it will display Error page if any action method of HomeController would throw unhandled exception i.e those exception which is not handled by the try-catch block.

You can apply multiple built-in or custom filters globally or at controller or action method level for different purpose such as [Authorize],[RequireHttps], [ChildActionOnly],[OutputCache],[HandleError].

Note: Every attribute class must end with Attribute e.g. HanderErrorAttribute. Attribute must be applied without Attribute suffix inside square brackets [ ] like [HandelError].

Filters can be broadly categorized into two types i.e

1. Built-in Filters
2. Custom filters

Built-In Filters(Attributes):

• [OutputCache] : This filter will store action output into local memory for particular period of time.
• [HandleError]: This filter will handle an unhandled error occurred within an action execution.
• [Authorize]: This filter will provide access to an action based on login with username or security ticket.
• [RequireHttps]: Represents an attribute that forces an unsecured HTTP request to be re-sent over HTTPS.
• [ChildActionOnly]: This Filter will specify that an action will be accessible only from a view not by the URL as a request.
• [AllowAnonymous]: This attribute allows the anonymous users to access the action or controller.
• [OverrideAuthorization]: This attribute provides the feature to override the existing authorization and provide the scope to specify new authorization over existing.