Reputation: 2843
ASP.NET Web API Authorization Filter
I have a global authorization filter with overridden OnAuthorization method.
On debugging, I see that the controller class is instantiated first and then the OnAuthorization method is invoked.
Is this a known behavior as I have some code in the controller constructor which need not run if not authorized.
Is there any way to work around this?
Upvotes: 4
Views: 1557
Answers (1)
Reputation: 3131
Action filter are executed just before the Action on which they are applied to. If you have global Authorization filter, that means they are registered globally and you don't have to decorate each action with those filters, but that does not change behavior of Action filters i.e. to execute just before the action.
Controllers are initialized first and then corresponding Actions are called, so your authorization filter will be executed after Constructor of Controller and just before the action. This is behaviour of Action filters as they are designed so.
If you want to execute authorization before controller construct, try creating Message handler for authorization instead of Action filter by inheriting DelegatingHandler class.
Upvotes: 5
Related Questions
- Custom Authorization Filtering Minimal API .Net 6
- WebAPI 2 IAuthenticationFilter return 401
- Authentication filter in Web API 2
- Sending json response using Authentication filter in Web api controller?
- Web API custom authentication filter
- .Net Web Api - Override AuthorizationFilter
- WebApi Authorization Filter
- ASP.NET Web API and Authorization
- On Asp.net Web Api authorization filters, how can I access to parameters?
- asp .net mvc web api authentication filters session