Reputation: 15149
What's the purpose of IAuthenticationFilter.OnAuthenticationChallenge()
I have a custom IAuthenticationFilter implementation registered in RegisterGlobalFilters(). In my project I'm witnessing the following call sequence:
- IAuthenticationFilter.OnAuthentication
- authorization (if any)
- controller action
- IAuthenticationFilter.OnAuthenticationChallenge
Why does it happen after controller action? From this blog post I read
The key thing to remember is that
OnAuthenticationChallengedoes not necessarily run before every other Action Filter. It can run at various stages.
How can it be useful if we can't tell when exactly it is called?
Upvotes: 7
Views: 5133
Answers (1)
Reputation: 1333
"The OnAuthenticationChallange method is called by the MVC Framework whenever a request has failed the authentication or authorization policies for an action method. The OnAuthenticationChallenge method is passed an AuthenticationChallengeContext object, which is derived from the ControllerContext class"
So, a practical example would be:
1 - You set your custom authorize filter
2 - users fails on authorizing method
3 - OnAuthenticationChallenge method is called.
Upvotes: 9
Related Questions
- ASP.NET: What is the purpose of IAuthorizationService
- What exactly is 'UseAuthentication()' for?
- Implementing MVC 5 IAuthenticationFilter
- What does HostAuthenticationFilter do?
- ASP.NET IAuthorizationFilter OnAuthorization
- Where is IAuthenticationFilter interface in asp.net 5
- ASP.NET MVC IAuthorizationFilter usage
- MVC 5.0 [AllowAnonymous] and the new IAuthenticationFilter
- IAuthenticationFilter interface implementation in asp.net MVC
- Difference between IActionFilter and IAuthorizationFilter