ASP.NET Web API Authorization Filter
Question
I have a global authorization filter with overridden OnAuthorization method.
On debugging, I see that the controller class is instantiated first and then the OnAuthorization method is invoked.
Is this a known behavior as I have some code in the controller constructor which need not run if not authorized.
Is there any way to work around this?
1 answers
solution1
5 ACCPTED 2014-05-29 12:23:07
Action filter are executed just before the Action on which they are applied to. If you have global Authorization filter, that means they are registered globally and you don't have to decorate each action with those filters, but that does not change behavior of Action filters ie to execute just before the action.
Controllers are initialized first and then corresponding Actions are called, so your authorization filter will be executed after Constructor of Controller and just before the action. This is behaviour of Action filters as they are designed so.
If you want to execute authorization before controller construct, try creating Message handler for authorization instead of Action filter by inheriting DelegatingHandler class.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.