Babu James

Reputation: 2843

ASP.NET Web API Authorization Filter

I have a global authorization filter with an overridden `OnAuthorization` method.

On debugging, I see that the controller class is instantiated first and then the `OnAuthorization` method is invoked.

Is this a known behavior? I have some code in the controller constructor which need not run if not authorized.

Is there any way to work around this?

Upvotes: 4

Views: 1557

Answers (1)

Guanxi

Reputation: 3131

Action filters are executed just before the action to which they are applied. If you have a global authorization filter, that means it is registered globally and you don't have to decorate each action with it, but that does not change the behavior of action filters, i.e. to execute just before the action.

Controllers are initialized first and then the corresponding actions are called, so your authorization filter will be executed after the constructor of the controller and just before the action. This is the behaviour of action filters, as they are designed so.

If you want to execute authorization before the controller is constructed, try creating a message handler for authorization instead of an action filter, by inheriting from the `DelegatingHandler` class.

Upvotes: 5
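Added example, not part of the original answer or of ASP.NET itself: a sketch of the `DelegatingHandler` approach suggested above, which returns 401 before routing ever dispatches to a controller. The class name, the anonymous path list and the `Bearer` challenge scheme are assumptions for illustration, and it assumes Web API 2 with the caller already authenticated by the host or an earlier handler.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler name. Rejects unauthenticated requests in the message
// pipeline, so no controller constructor runs for them.
public class RequireAuthenticatedHandler : DelegatingHandler
{
    // Constructed sample allow-list. A message handler runs before action
    // selection and cannot see [AllowAnonymous], so open paths are listed here.
    private static readonly string[] AnonymousPrefixes = { "/api/health" };

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        string path = request.RequestUri.AbsolutePath;
        // Match the prefix exactly or as a path segment, so that
        // "/api/healthcheck-admin" is not treated as open.
        bool open = AnonymousPrefixes.Any(p =>
            path.Equals(p, StringComparison.OrdinalIgnoreCase) ||
            path.StartsWith(p + "/", StringComparison.OrdinalIgnoreCase));

        // Assumption: the principal was set on the request context upstream
        // (host authentication or an earlier authentication handler).
        var principal = request.GetRequestContext().Principal;
        bool authenticated = principal?.Identity?.IsAuthenticated == true;

        if (!open && !authenticated)
        {
            var response = request.CreateResponse(HttpStatusCode.Unauthorized);
            // Assumed challenge scheme; use the one your API actually accepts.
            response.Headers.WwwAuthenticate.Add(
                new AuthenticationHeaderValue("Bearer"));
            // Short-circuit: base.SendAsync is never called, so routing and
            // controller activation do not happen for this request.
            return Task.FromResult(response);
        }

        return base.SendAsync(request, cancellationToken);
    }
}

// Registration, e.g. inside WebApiConfig.Register(HttpConfiguration config):
//     config.MessageHandlers.Add(new RequireAuthenticatedHandler());
```

Because the handler only establishes that the caller is authenticated, role or per-action checks still belong in authorization filters on the controllers.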
