ASP.NET Web API-Filters
Filters are parts of the ASP.NET Web API that implement pre- and post-process requests and responses. They provide a way to add the functionality of your API pipeline without changing the specific actions or controllers. Every filter attribute class must implement IFilter interface included in System.Web.Http.Filters namespace.
Types of Filters in ASP.NET Web API
The following are the types of filters in Web API.
- Authentication Filter
- Authorization Filter
- Action Filter
- Exception Filter
- Override Filter
1. Authentication Filter
We can authenticate the user information with the help of an authentication filter. We put the logic for verifying user identity in the authentication filter.
2. Authorization Filter
Authorization Filters are responsible for checking User Access. They implement the IAuthorizationFilterinterface in the framework.Authorization filters are used to control access to API actions based on user roles, permissions, or other criteria. They are executed before the action is invoked, and they can either allow or deny access to the action based on the provided credentials or authorization rules.
3. Action Filter
Action filters are executed before and after the execution of API actions. They allow you to perform processing tasks such as logging, caching, modifying the action parameters, or modifying the response before it is sent back to the client. The OnActionExecuting and OnActionExecuted methods are used to add our logic before and after an action method is executed.
4. Exception Filter
Exceptions that arise while an API operation is being executed are handled by exception filters. They enable you to handle certain exceptions or implement your own exception handling mechanism. Using exception filters might help you report problems, provide unique error messages, or categorize exceptions.
5. Override Filter
Sometimes there is a requirement like whatever the filters we are having we need to override. Let us say we applied the filter at the controller level but there is an action within a controller where we don’t want to use the filter so we can use the override version of the filter.
Filters are generally applied in below of three ways.
- Global
- Controller
- Action
Based on WebApi and Linq sources, filters execution order is:
- AuthenticationFilters
- AuthorizationFilters
- ActionFilters, based on scope
- ExceptionFilters
Example of Exception Filter in ASP.NET Web API
Create a custom exception filter by implementing the IExceptionFilter interface. This interface contains a single method, OnException, which is called when an unhandled exception occurs.
public class CustomExceptionFilterAttribute : ExceptionFilterAttribute
{
public override void OnException(HttpActionExecutedContext context)
{
// Log the exception or perform any other necessary error handling tasks
// Create a custom error response
var errorResponse = new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = new StringContent("An error occurred. Please try again later."),
ReasonPhrase = "Internal Server Error"
};
// Set the response of the current context
context.Response = errorResponse;
}
}Apply the exception filter to your API controller or specific action methods using the [CustomExceptionFilter] attribute.
[CustomExceptionFilter]
public class ValuesController : ApiController
{
// Your action methods here
}In the example above, the CustomExceptionFilterAttribute is applied globally to all actions in the ValuesController by using the [CustomExceptionFilter] attribute. This means that all actions in the ValuesController will have their exceptions handled by the CustomExceptionFilterAttribute. You can also apply the filter to specific actions or controllers as needed.