DfrDkn

Reputation: 1370

What is the difference between Authorize Action filter and Authorization filter?

As per the ASP.NET website:

The ASP.NET MVC framework includes several action filters:

  1. OutputCache – This action filter caches the output of a controller action for a specified amount of time.
  2. HandleError – This action filter handles errors raised when a controller action executes.
  3. Authorize – This action filter enables you to restrict access to a particular user or role.

Also, there is a type of filter in MVC called "Authorization filter".

I am confused whether the [Authorize] attribute is an Action filter or an Authorization filter. And when will it be executed?

Upvotes: 13

Views: 12161

Answers (2)

NightOwl888

Reputation: 56849

What is the difference between Authorize Action filter and Authorization filter?

None.

That documentation is apparently incorrect (and if you note in the table of contents, it is for version 1 and 2 of MVC, so it is also out of date).

AuthorizeAttribute inherits IAuthorizationFilter, so it is in fact an authorization filter, not an action filter. There is no Authorization action filter in MVC.

Note that for MVC 3 to MVC 5 you should refer to the up-to-date Filtering in ASP.NET MVC documentation in the future.

And when will it be executed?

As per MSDN:

Filters run in the following order:

  1. Authorization filters
  2. Action filters
  3. Response filters
  4. Exception filters

Upvotes: 6

HaukurHaf

Reputation: 13796

I am confused whether [Authorize] attribute is an Action filter or Authorization filter?

The [Authorize] attribute is an Authorization filter, as can be seen by looking at its source code. If you look closely, it implements the IAuthorizationFilter interface and according to the documentation, that classifies it as an Authorization filter.

namespace System.Web.Mvc
{
    //
    // Summary:
    //     Specifies that access to a controller or action method is restricted to users
    //     who meet the authorization requirement.
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
    {
        // ... (remaining members omitted in the original post)
    }
}

When is it executed?

As per the documentation:

Filters are executed in the order listed above. For example, authorization filters are always executed before action filters and exception filters are always executed after every other type of filter.

Have a look at the current documentation for filtering in MVC: https://msdn.microsoft.com/en-us/library/gg416513(VS.98).aspx

It clearly states that the [Authorize] attribute is an Authorization filter:

The AuthorizeAttribute class and the RequireHttpsAttribute class are examples of an authorization filter. Authorization filters run before any other filter.

Upvotes: 2
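
The ordering both answers describe can be observed directly. The following is an added example, not code from either answer or from the MVC source; it assumes an ASP.NET MVC 5 project, and `TracingAuthorizeAttribute`, `TracingActionFilterAttribute`, `ReportsController` and the `Admin` role are hypothetical names.

```csharp
using System.Diagnostics;
using System.Web.Mvc;

// Authorization filter: inherits IAuthorizationFilter through AuthorizeAttribute.
public class TracingAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        Trace.WriteLine("authorization filter: OnAuthorization");
        base.OnAuthorization(filterContext);

        // On failure the base class sets Result (HttpUnauthorizedResult by default).
        // A non-null Result here makes the invoker skip action filters and the action.
        if (filterContext.Result != null)
        {
            Trace.WriteLine("authorization filter: denied, pipeline short-circuited");
        }
    }
}

// Action filter: implements IActionFilter through ActionFilterAttribute.
public class TracingActionFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        Trace.WriteLine("action filter: OnActionExecuting");
    }

    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        Trace.WriteLine("action filter: OnActionExecuted");
    }
}

public class ReportsController : Controller
{
    // Attribute order in source does not matter: the filter type decides the stage.
    [TracingActionFilter]
    [TracingAuthorize(Roles = "Admin")]
    public ActionResult Index()
    {
        Trace.WriteLine("action body: Index");
        return Content("report");
    }
}
```

Request the action once as a user in the role and once as a user outside it, then compare the trace output: the action filter lines appear only in the first case, which is why access checks belong in an authorization filter rather than an action filter.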
