In ASP.NET MVC, the Filters are used to inject some pre-processing or post-processing logic in the ASP.NET MVC pipeline. For example, if we want to authenticate a request before executing an action method, it means we want to inject a pre-processing logic in the ASP.NET MVC life cycle. Similarly, if we want to alter the HTML (view result) before rendering it to the screen, it means we want to inject some post-processing logic in the ASP.NET MVC pipeline.
In ASP.NET WebForms, we were frequently using HttpHandlers and HttpModules for injecting pre-processing or post-processing logic. We can still implement HttpHandlers or HttpModules in ASP.NET MVC, but in most cases, the filters provided by MVC can accomplish the same task. We can even extend the built-in filters or create our own custom filters as per the requirements. In short, when a simpler option is available, why opt for the more complex one?
Each filter is an attribute that can be applied to any particular action or to the controller. If applied to a controller, it means it will work for every action within that controller.
The filters can even be registered at the application level (global level), which will work for every action within any controller.
Types of Filters
ASP.NET MVC provides the following filters:
Authorization Filter: Authorization filters are used to authenticate or authorize a user. This filter implements the IAuthorizationFilter interface.
Action Filter: ActionFilter implements the IActionFilter interface, and is used to change the flow of execution of an action method. MVC provides the following action methods.
- Output Cache: This filter caches the output of an action method for a certain duration.
[OutputCache(Duration=30)] public ActionResult Index() { EmployeeVM evm = new EmployeeVM(); evm.employees = new List<employee>(){ new Employee(){Id=1,Name="emp1"}, new Employee(){Id=2,Name="emp2"}, new Employee(){Id=3,Name="emp3"}, }; return View(evm); }In the above code, the output of the Index action will be cached for 30 seconds.
- HandleError: This filter is used to show a specific error page if any exception occurs during the execution of the action method.
[HandleError(View="error.cshtml")] public ActionResult Index() { EmployeeVM evm = new EmployeeVM(); evm.employees = new List<employee>(){ new Employee(){Id=1,Name="emp1"}, new Employee(){Id=2,Name="emp2"}, new Employee(){Id=3,Name="emp3"}, }; return View(evm); }In the above example, if any exception is thrown (an exception means an error that is not handled by the try-catch block), then the specified view will be displayed. If we do not specify a view name, the view resides under the Shared folder, and Error.cshtml will be displayed.
HandleError can also be registered globally in FilterConfig.cs. To make HandleError work, the settings below are also necessary in the web.config:
public static void RegisterGlobalFilters(GlobalFilterCollection filters) { filters.Add(new HandleErrorAttribute()); }<system.webserver> <httperrors errormode="Custom"> <remove statuscode="404" /> <error statuscode="404" path="/error/Error404" responsemode="Redirect" /> </httperrors> <modules> <remove name="FormsAuthenticationModule" /> </modules> </system.webserver>Here, Error404 is the view name, which is displayed when a resource is not found.
- Authorize: This filter is used to authenticate and authorize a user. If a user is authenticated and has the required permission, they can access the page.
[Authorize] public ActionResult GetCustomer() { CustomerVM cvm = new CustomerVM(); cvm.customers = new List<customer>(){ new Customer(){Id=1,Name="customer1"}, new Customer(){Id=2,Name="customer2"}, new Customer(){Id=3,Name="customer3"}, }; return View(cvm); }If the user is not logged in and tries to access the above method, they will be redirected to the login page, provided Forms Authentication is enabled. Otherwise, it will throw a 401 error stating unauthorized access.
Result Filters: Result filters implement IResultFilter and are used to inject logic before or after the execution of viewresult .
Exception Filters: Exception Filters implement the IExceptionFilter interface and are used to inject logic if any exception is thrown either by the controller or the action.
