ActionFilterAttribute Examples for ASP.NET MVC Framework Preview 2

ActionFilterAttribute Examples for ASP.NET MVC Framework Preview 2

by David Hayden, Florida ASP.NET Developer

 

I mentioned the new ActionFilterAttribute on CodeBetter that you can find in ASP.NET MVC Preview 2:

 

 

As the name ActionFilterAttribute implies, this is a way to perhaps filter incoming requests to a Controller Action in the ASP.NET MVC Framework. It actually can do much more. The ActionFilterAttribute has an OnActionExecuting Method that gets fired before a Controller Action gets executed and an OnActionExecuted method that gets called after a Controller Action gets executed. You can create your own ActionFilterAttribute and choose to override one or more of these methods.

For example, one can create a filter that only allows a certain Role to execute an action:

 

public class AdminOnlyAttribute : ActionFilterAttribute
{
  private readonly string _adminRole;
  public AdminOnlyAttribute(string adminRole)
  {
      _adminRole = adminRole;
  }
  public override void OnActionExecuting
             (FilterExecutingContext filterContext)
  {
    if (!filterContext.HttpContext.User.IsInRole(_adminRole))
        throw new SecurityException("Sorry, dude!");
  }
}

 

I can apply this attribute to a controller action to only allow certain roles to call the method. In this case, only a user in the Admin Role is allowed to call the New Action on the ProductsController:

 

public class ProductsController : Controller
{
    [AdminOnly("Admin")]
    public void New()
    {
        RenderView("New");
    }
}

 

The proof is in the pudding. I tried to execute the action and since I was not in the Admin Role I received the SecurityException in Visual Studio 2008:

 

 

I also created a simple ActionFilterAttribute that requires an action to be called only when using a Secure SSL Connection:

 

public class RequiresSSLAttribute : ActionFilterAttribute
{
  public override void OnActionExecuting
              (FilterExecutingContext filterContext)
  {
   if (!filterContext.HttpContext.Request.IsSecureConnection)
          throw new InvalidOperationException
                        ("Requires Secure Connection");
  }
}

 

I can combine multiple ActionFilterAttributes on a single Controller Action and specify the order in which they are executed:

 

[RequiresSSL(Order = 1)]
[AdminOnly("Admin", Order = 2)]
public void New()
{
    RenderView("New");
}

 

The RequiresSSL Attribute will execute before the AdminOnly Attribute.

Another ActionFilterAttribute that could come in handy is one that makes sure the action occurs only during a POST as opposed to a GET, etc.

 

public class HttpPostOnlyAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting
                (FilterExecutingContext filterContext)
    {
      if (!filterContext.HttpContext.Request
              .HttpMethod.Equals("POST"))
          throw new InvalidOperationException
              ("Must Use HTTP POST");
    }
}

 

You get the idea. These are only using the OnActionExecuting Method, but you can certainly provide functionality after an action executes and for both. Logging, caching, and other cross-cutting type concerns come to mind using the ActionFilterAttributes.

Hope this helps,

Dave

 

ASP.NET MVC Tutorials

• ASP.NET MVC Source Code Available for Download
• Unity IoC and ASP.NET MVC Framework - Dependency Injection of Controllers
• ASP.NET MVC Framework: Forms Authentication MVCToolkit and MembershipControllerBase
• ASP.NET MVC Framework and AJAX Using jQuery, JavaScriptSerializer and LINQ
• ASP.NET MVC Framework and Session State via StateValue from WCSF
• ASP.NET MVC Framework and Composite Web Application Block ( CWAB )
• Day Of Patterns & Practices Screencast - WCSF AJAX DynamicData ASP.NET MVC Framework

 

News Feed: http://www.davidhayden.com/

 

posted on Friday, March 21, 2008 2:34 PM