Geek Answers Handbook

What is the difference between an Authorize Action filter and an authorization filter?

According to the ASP.NET website

The ASP.NET MVC framework includes several action filters:

  • OutputCache - This action filter caches the output of a controller action for a specific time.
  • HandleError - This action filter handles errors that occur during the execution of a controller action.
  • Authorize. This action filter allows you to restrict access to a specific user or role.

In addition, MVC has a filter called the "Authorization Filter".

I'm confused, is the [Authorization] attribute an action filter or an authorization filter? And when will this be done?

+8
c # filter asp.net-mvc asp.net-mvc-4
source share
2 answers

What is the difference between an Authorize Action filter and an authorization filter?

Missing.

This documentation seems to be incorrect (and if you check the table of contents, it is for MVC versions 1 and 2, so it is also outdated).

AuthorizeAttribute inherits IAuthorizationFilter , so this is actually an authorization filter, not an action filter. There is no authorization authorization filter in MVC.

Note that for MVC 3 through MVC 5, you should update the Filtering documentation in ASP.NET MVC in the future.

And when will it be done?

By MSDN :

Filters are performed in the following order:

  • Authorization Filters
  • Action filters
  • Response filters
  • Exception filters
+5
source share

I'm confused, is the [Authorize] attribute an action filter or an Authorization filter?

The [Authorize] attribute is an authorization filter that can be seen by looking at its source code. If you look closely, it implements the IAuthorizationFilter interface and according to the documentation that classifies it as an authorization filter.

 namespace System.Web.Mvc { // // Summary: // Specifies that access to a controller or action method is restricted to users // who meet the authorization requirement. [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)] public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter .........

When is it running?

According to the documentation:

Filters are performed in the order indicated above. For example, authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

See the current documentation for filtering in MVC: https://msdn.microsoft.com/en-us/library/gg416513(VS.98).aspx

It clearly states that the [Authorize] attribute is an authorization filter:

The AuthorizeAttribute class and the RequireHttpsAttribute class are examples of authorization filters. Authorization filters run before any other filter.

+2
source share

More articles:


All Articles