Custom Authentication Filter In MVC

Here, we will learn about using custom filters in ASP.NET MVC

Custom filters are used to inject logic at the different levels of request processing. Below is the filters execution sequence:

Authentication Filters ==>  Authorization filter ==> Action filter ==> Result filter ==> Exceptionfilter.

Filters is a custom class where you can write custom logic to execute before or after an action method executes. Filters can be applied to an action method or controller in a declarative or programmatic way. Declarative means by applying a filter attribute to an action method or controller class and programmatic means by implementing a corresponding interface.

  • The authentication filter executes before any other filter.
  • The authorization filter executes after the Execution of the Authentication filter and action method, or before any other filter.
  • The action filter executes before and after any action method.
  • The result filter executes before and after the execution of any action result.
  • The exception filter executes only if any action methods, filters, or results throw an exception.
  • Create a new class.
  • Implement IAuthenticationFilter Interface.
  • Derive it from ActionFilterAttribute.
  • Override the OnAuthentication method to run logic before the action method.

Override the OnAuthenticationChallenge method to run logic before the action method

public class AuthenticationSampleFilter : ActionFilterAttribute, IAuthenticationFilter
{
   public void OnAuthentication(AuthenticationContext filterContext)
   {
        //Your Code
   }
   public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
   {
        //Your Code
   }
}

“IAuthenticationFilter.OnAuthentication” should be used for setting the principal, the principal being the object identifying the user.

OnAuthentication Method

The program invokes Authentication Filters by calling OnAuthentication method. This method creates the AuthenticationContext. AuthenticationContext has information about performing authentication. We can use this information to make authentication decisions based on the current context.

OnAuthenticationChallenge Method

This method executes after the Execution of OnAuthentication method. We can use the OnAuthenticationChallenge method to perform additional tasks on request. This method creates an AuthenticationChallengeContext the same way as OnAuthentication.

Global Level

Add a filter to the global filter in App_Start\FilterConfig. It will be available globally to the entire application.

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
     filters.Add(new HandleErrorAttribute());
     filters.Add(new AuthenticationSampleFilter());
}

Controller Level

Add a filter to a Controller level. It will also be available for all the actions of that controller.

[AuthenticationSampleFilter]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

Action Level

Add a filter to a particular controller action. It will be available only for a particular controller action.

public class HomeController : Controller
{
    [AuthenticationSampleFilter]
    public ActionResult Index()
    {
        object str = HttpContext.User;
        return View();
    }
}

Submit a Comment

Your email address will not be published. Required fields are marked *

Footer Logo

Subscribe

Select Categories