Prior to ASP.NET MVC 5, there are 4 types of filters: 1. Authorization filters (IAuthorizationFilter) 2. Action filters (IActionFilter) 3. Result filters (IResultFilter) 4. Exception filters (IExceptionFilter) ASP.NET MVC 5 introduces the new Authentication filters (IAuthenticationFilter).
ASP.NET MVC supports the following types of action filters:
Authorization filters. These implement IAuthorizationFilter and make security decisions about whether to execute an action method, such as performing authentication or validating properties of the request. The AuthorizeAttribute class and theRequireHttpsAttribute class are examples of an authorization filter. Authorization filters run before any other filter.
Action filters. These implement IActionFilter and wrap the action method execution. The IActionFilter interface declares two methods: OnActionExecuting and OnActionExecuted. OnActionExecuting runs before the action method. OnActionExecuted runs after the action method and can perform additional processing, such as providing extra data to the action method, inspecting the return value, or canceling execution of the action method.
Result filters. These implement IResultFilter and wrap execution of the ActionResult object. IResultFilter declares two methods: OnResultExecuting and OnResultExecuted. OnResultExecuting runs before the ActionResult object is executed. OnResultExecuted runs after the result and can perform additional processing of the result, such as modifying the HTTP response. The OutputCacheAttribute class is one example of a result filter.
Exception filters. These implement IExceptionFilter and execute if there is an unhandled exception thrown during the execution of the ASP.NET MVC pipeline. Exception filters can be used for tasks such as logging or displaying an error page. TheHandleErrorAttribute class is one example of an exception filter.
1.Authorization Filter. 2. Authentication Filter 3. Action Filter. 4. Custom Filter.
1.Authorization Filter. 2. Authentication Filter 3. Action Filter. 4. Custom Filter
There are mainly three types of action filters provided in ASP.NET MVC.Authorization Filter: It makes security decisions about whether to execute an action method, such as performing authentication or validating properties of the request. Authorization filters execute very early in the action pipeline, so they're appropriately.It is used for activities that short circuit the entire action execution. TheAuthorizeAttribute class is one example of an authorization filter.Action and Result Filter: An action filter that wants to participate in pre- and post-processing of actions should implement the IActionFilter interface. This interface offers two methods to implement: OnActionExecuting(for pre-processing) and OnActionExecuted (for post-processing). Similarly, for pre- and post processing of results, an action filter should implement IResultFilter, with its two filter methods:OnResultExecuting and OnResultExecuted. It wraps execution of the ActionResult object. This filter can perform additional processing of the result, such as modifying the HTTP response. TheOutputCacheAttribute class is one example of a result filter.Execution Filter: It executes if there is an unhandled exception thrown somewhere in action method, starting with the authorization filters and ending with the execution of the result. Exception filters can be used for tasks such as logging or displaying an error page. The HandleErrorAttribute class is one example of an exception filter.Apart from the readymade action filters provided by ASP.NET MVC, you can also implement your own action filter by inheriting ActionFilterAttribute abstract class. It has four virtual methods that you can override: OnActionExecuting, OnActionExecuted, OnResultExecuting and OnResultExecuted. To implement an action filter, you must override at least one of these methods. Developers often use exception filters to perform some sort of logging of the errors, notification of the system administrators, and choosing how to handle the error from the end user's perspective (usually by sending the user to an error page)