Overview Of Filters And Their Types In ASP.NET MVC 5

This article will explain to you the concept of filters in ASP.NET MVC.

There are different types of filters available in MVC.

What are filters in MVC?

Filters are used to execute custom logic before or after executing the action method. ASP.NET MVC provides filters for this purpose. ASP.NET MVC Filter is a custom class where we can write custom logic to execute that before or after an action method is executed.

Types of filters in MVC?

Action Filter

Action filters are used to implement logic that gets executed before and after a controller action executes. It implements the IActionFilter attribute.

Authentication Filter

Authentication filter is introduced with ASP.NET MVC5. It authenticates the credentials of a user like a username and password. IAuthenticationFilter interface is used to create CustomAuthentication filter.

Authorization Filter

Authorization filters are used to implement authentication and authorization for controller actions. It implements the IAuthorizationFilter attribute.

Result Filter

Result filters contain logic that is executed before and after a View result is executed. For example, you might want to modify a View result right before the View is rendered to the browser. It implements the IResultFilter attribute.

Exception Filter

Exception filter is used to handle errors raised by either your controller actions or controller action results. You also can use exception filters to log errors. It implements the IExceptionFilter attribute.
 

Action Filters

  • Output Cache: This action filter caches the output of a controller action.
  • Handle Error: This action filter handles errors raised when a controller action executes.
  • Authorize: This action filter enables you to restrict access to a particular user or role.

If we have multiple filters, this is the sequence for execution -

  • Authentication filters
  • Authorization filters
  • Action filters
  • Result filters

"Filter Overrides" in MVC

ASP.NET MVC 5 has a new feature called "Filter Overrides" which allows you to clear or replace certain filter types created in higher scopes.

What are the "filter overrides" attributes in ASP.NET MVC 5?

  • OverrideActionFilters
  • OverrideAuthentication
  • OverrideAuthorization
  • OverrideExceptionFilters
  • OverrideResultFilters

These all implement IOverrideFilter, which is an interface you can implement on your own classes to create custom FilterAttributes.

How to create Custom Filters in MVC?

We can create our own custom filters or attributes either by implementing the ASP.NET MVC filter interface or by inheriting and overriding methods of ASP.NET MVC filter attribute class if available.

When to use Filters in MVC?
 
Filters in MVC are used to perform the following common functionalities in an MVC application.
  1. Custom Authentication
  2. Custom Authorization(User-based or Role-based)
  3. Error handling or logging
  4. User Activity Logging
  5. Data Caching
  6. Data Compression

How to configure filters in ASP.NET MVC?

We can configure our custom filter in an application at three levels.

  • Global level
  • Controller level
  • Action level

Global level

Do this by registering your filter into Application_Start event of Global.asax.cs file with the help of FilterConfig class.
  1. protected void Application_Start()  
  2.         {  
  3.             FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);  
  4.             AreaRegistration.RegisterAllAreas();  
  5.             RouteConfig.RegisterRoutes(RouteTable.Routes);  
  6.         }  

Controller level

Do this by putting your filter on the top of the controller name,
  1. [Authorize(Roles = "Admin")]  
  2.   public class AdminController : Controller  
  3.   {    
  4.       public ActionResult Login()  
  5.       {  
  6.           return View();  
  7.       }  
  8.   }  

Action level

Do this by putting your filter on the top of the action name as shown below,
  1. [Authorize(Users = "Students,Parents,Teachers")]  
  2.         public ActionResult Login()  
  3.         {  
  4.             return View();  
  5.         }