In this article we will try to see how we can use custom filters and attributes in an ASP.NET MVC
application. Custom filters and attributes are an excellent way of injecting extra processing logic
into the MVC request response pipeline. We will try to understand all about these and will see them
in action using a simple sample application.
In an ASP.NET MVC application the request from the user first lands at the
UrlRoutingModule. This module
parses the requested URL and then invokes the corresponding controller and action. The controller will then
render the appropriate view and the response will be sent to the user.
Now what if we want to inject some extra processing logic in this request-response life cycle. Some
extra logic that is written once and can be reused across multiple controllers and/or actions.
ASP.NET MVC provides a way for us to do that by writing custom filters that can be used to inject
extra processing logic in the request-response life cycle.
What are attributes and filters
MVC provides a very clean way of injecting the pre-processing and post-processing logic for actions and
controllers. They way we can put the pre-processing and post-processing logic is by decorating the actions
with attributes which will invoke an attribute class implementing the filter's logic.
For example, If we need some action to be executed when the user has been authenticated then we can
adorn the action with the
[Authorize] attribute. This will take care of calling the attribute class which
implements the authorization filter to check whether the user has is authorized or not.
public ActionResult Index()
So the way to implement custom filters would be to implement the interface that is needed for implementing
the required filter. Now we can decorate the actions with this attribute so that our filter logic will be executed
when this action is called. If we want all the actions of a controller to use this filter we can decorate the
controller itself with this attribute.
Using the code
Let us now try to look at the type of filters we can implement to inject our custom processing logic.
Type of filters
Now taking this discussion further, Let us first discuss the various types of filters that can be implemented
to inject custom processing logic.
- Authorization filter
- Action filter
- Result filter
- Exception filter
Implementing Custom Filters
Now let us try to look at implement these filters. We will simply implement the custom filters and
put a simple message in the
ViewBag collection. We will then use these filters with an action of controller
and try to see the custom messages we inserted in the
ViewBag collection on our view page.
This filter provides authentication and authorization logic. It will be executed before
the action gets executed. To implement this action the interface
IAuthorizationFilter should be implemented
by the custom attribute class.
public class CustomAuthorizationAttribute : FilterAttribute, IAuthorizationFilter
void IAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext)
filterContext.Controller.ViewBag.OnAuthorization = "IAuthorizationFilter.OnAuthorization filter called";
Now when we decorate the action method with this attribute the
OnAuthorize filter method will be
called and our custom logic will get executed.
Note: In the above code we have created an attribute which will only run when the
authorization is being done by the application. In our own filter method we are not doing anything related
to authorization. If we were to do custom authentication and authorization then we will have
to derive this attribute from
AuthorizeAttribute class and implement custom authorization logic.
Perhaps we will discuss that separately. For now this filter will run run when the authorization is being
done and before calling the action method so that we can inject our custom logic in it.
This filter will be called before and after the action starts executing and after the action has executed.
We can put our custom pre-processing and post-processing logic in this filter.
Now to implement this filter we need to create a custom filter attribute class and implement the
filter interface. This interface provides us two methods
be called before and after the action gets executed respectively.
public class CustomActionAttribute : FilterAttribute, IActionFilter
void IActionFilter.OnActionExecuted(ActionExecutedContext filterContext)
filterContext.Controller.ViewBag.OnActionExecuted = "IActionFilter.OnActionExecuted filter called";
void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
filterContext.Controller.ViewBag.OnActionExecuting = "IActionFilter.OnActionExecuting filter called";
This filter will execute before and after the result of the
action method has been executed.
We can use this filter if we want some modification to be done in the action's result.
To implement the result filters we need to create a custom filter attribute class and implement the
interface. this interface provides two methods
which will be called before
and after the action result respectively.
public class CustomResultAttribute : FilterAttribute, IResultFilter
void IResultFilter.OnResultExecuted(ResultExecutedContext filterContext)
filterContext.Controller.ViewBag.OnResultExecuted = "IResultFilter.OnResultExecuted filter called";
void IResultFilter.OnResultExecuting(ResultExecutingContext filterContext)
filterContext.Controller.ViewBag.OnResultExecuting = "IResultFilter.OnResultExecuting filter called";
This filter will be invoked whenever a controller or action of the controller throws
an exception. This is particularly useful when we need custom error logging module.
To implement this filter we need to create a custom filter attribute class which implements
This interface gives us a methods called
OnException which is a perfect place to call the exception logging module and
to redirect to some error page.
public class CustomExceptionAttribute : FilterAttribute, IExceptionFilter
void IExceptionFilter.OnException(ExceptionContext filterContext)
filterContext.Controller.ViewBag.OnException = "IExceptionFilter.OnException filter called";
Order of Execution
Now with all the above filters we have the following filter methods.
Now assuming that we have all the filters attached to a single action method what will be the order of
execution of these filers. These filters will execute in following order under normal(non-exception) scenario.
In case there is an exception,
OnException will will be called as instead of the result filters.
Using the Custom Filters
Now from our application we just need to decorate the actions on which we need the custom filter
functionality. Lets try to do this on a single action method as:
public class HomeController : Controller
public ActionResult Index()
ViewBag.Message = "Index Action of Home controller is being called.";
And the code to see these on the view page:
And when we try to run the application:
The important thing to note in the running application is that
ViewBag.OnResultExecuted is empty. the reason for
this is that the function
IResultFilter.OnResultExecuted gets called when the view has been rendered i.e. the action
result has been completed.
Note: It is advisable to put breakpoints on all filter methods and then run the application to understand the
sequence of these filter methods. Also, un-commenting the line in controller which throws a dummy exception will
IExceptionFilter.OnException filter method too.
ASP.NET MVC comes with a some of built in attribute classes that provides a some boilerplate functionality.
We can create custom classes that derives from these built in classes and further provide
specialized behavior as per our needs. Let us try to see some of these built in attributes.
AuthorizeAttribute: MVC framework provides
AuthorizeAttribute which is
helpful in specifying our custom authorization policies.
ActionFilterAttribute: This is the built in implementation of
attribute can be used as base class to implement the custom behavior for action and result filters.
HandleErrorAttribute: This is the built in implementation of
IExceptionFilter which makes it easier
to implement the exception handling strategy.
Point of interest
This was an introductory article for beginner's to make then familiar with the concept of filters
and attributes in ASP.NET MVC application. We discussed how custom filters and attributes are helpful
in injecting custom pre-processing and/or post-processing logic in the MVC request-response cycle. I hope this has been
15 April 2013: First version