Override filters in ASP.NET Web API 2

You can now override which filters apply to a given action method or controller, by specifying an override filter. Override filters specify a set of filter types that should not run for a given scope (action or controller). This allows you to add global filters, but then exclude some from specific actions or controllers.

Key Features

  • Override filters disable higher-scoped filters of a given type.
  • Use an override when you want to vary the filter pipeline for a single action method so that controller-level and global filters won’t be executed.
  • Override filters do not affect filters applied at the same scope.

The Built-in Override Filter Attributes are

  • OverrideAuthenticationFilters – Prevents authentication filters from being executed
  • OverrideAuthorizationFilters – Prevents authorization filters from being executed
  • OverrideActionFilters – Prevents action filters from being executed
  • OverrideExceptionFilters – Prevents exception filters from being executed

Let us understand this with some example, how we can override Authorization Filter.

Example-1 : Overriding Controller wide Authorization

I applied an authorization filter to the Employee controller so that it applies to all of the action methods and then applies the OverrideAuthorizationFilters attribute to disable authorization for one of them.


using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net;
using System;

namespace WEBAPI2Demo.Controllers
{
    public class Employee
    {
        public int EmployeeID { get; set; }
        public string FirstName { get; set; }
        public string  LastName { get; set; }
    }

    [Authorize(Roles = "admins")]
    public class EmployeeController : ApiController
    {
         private static List<Employee> employees = new List<Employee>
	 { 

		new Employee { EmployeeID = 1, FirstName = "Sandeep", LastName = "Ramani" }                

	 };

        [OverrideAuthorization]
        public IEnumerable<Employee> Get()
        {
            return employees;
        }

        public Employee Get(int id)
        {
            return employees[id];
        }

        public Employee Post(Employee emp)
        {
            emp.EmployeeID = employees.Count + 1;
            employees.Add(emp);
            return emp;
        }
    }
}

The effect of the Authorize attribute is to restrict all of the action methods in the Employee controller so they can be accessed only by authenticated users who have been assigned to the admins role.

The effect of applying the OverrideAuthorization attribute to the parameter less version of the Get action method is to prevent execution of all authorization filters for that action method, which means that any request is able to invoke the action.

Example-2 : Redefining Authorization

Override filters affect filters only at the previous scope, which means you can apply attributes of the overridden type at the same level as the override, and they will be executed.

Let us update previous example and add Authorization to restrict action method to role users only.


using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net;
using System;

namespace WEBAPI2Demo.Controllers
{
    public class Employee
    {
        public int EmployeeID { get; set; }
        public string FirstName { get; set; }
        public string  LastName { get; set; }
    }

    [Authorize(Roles = "admins")]
    public class EmployeeController : ApiController
    {
        private static List<Employee> employees = new List<Employee>
	{ 

		new Employee {EmployeeID = 1, FirstName = "Sandeep", LastName = "Ramani" }                

	};

        [OverrideAuthorization]
	[Authorize(Roles="users")]
        public IEnumerable<Employee> Get()
        {
            return employees;
        }

        public Employee Get(int id)
        {
            return employees[id];
        }

        public Employee Post(Employee emp)
        {
            emp.EmployeeID = employees.Count + 1;
            employees.Add(emp);
            return emp;
        }
    }
}

I have applied the Authorize filter to the Get method, specifying that only authenticated users who have been assigned to the users role are allowed to invoke the action method. Without the OverrideAuthorization attribute, the filter pipeline would contain both Authorize attributes, and they would be executed one after the other, creating a combined effect of restricting access to those users who have been assigned to both the admins and users roles.

But with the OverrideAuthorization, the controller-scoped Authorize attribute is removed from the pipeline, meaning that only the Authorize filter applied directly to the action method will be used: the effect is to restrict access to the users role.

Similarly, you can use other Override Filters for Authentication, Actions and Exceptions in WEB API Services in your projects.

Advertisements

10 Angular and TypeScript Projects to Take You From Zero to Hero

There are a lot of great samples and posts out there to help get you started with Angular (version 2 or higher) as well as ES6/ES2015 and TypeScript. However, some are out of date, some may be more complex than you want to start with, and others have been abandoned and are no longer maintained. In this post I’m going to provide a list of 10 Angular/TypeScript projects that I’ve created that can take you from “Zero to Hero” if you like to explore project code and are interested in investing the time to learn.

Full Article on Code With DAN : https://blog.codewithdan.com/2017/02/08/10-angular-and-typescript-projects-to-take-you-from-zero-to-hero/

Hope this will help 🙂

StackBlitz — Online VS Code IDE for Angular & React

StackBlitz is an online IDE where you can create Angular & React projects that are immediately online & shareable via link… in just one click. It automatically takes care of installing dependencies, compiling, bundling, and hot reloading as you type.

StackBlitz feels & functions exactly like your local DEV environment.

Start using it and provide your feedback to team who created this online IDE for us 🙂

Reference: https://medium.com/@ericsimons/stackblitz-online-vs-code-ide-for-angular-react-7d09348497f4

 

SQL Server LocalDB 2014 Connection String

I always face issues for LocalDB connection string when download GitHub code developed using SQL Express 2012 – LocalDB.

I assumed that I could just update my connection string from v11.0 to v12.0 but it seems that Microsoft have changed the naming scheme for this version. Now the automatic instance is named MSSQLLocalDB.

So, For SQL Server 2012 LocalDB, I had this connection string:

<connectionStrings>
  <add name="DefaultConnection"
   connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\Test.mdf;Initial Catalog=Test;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>

For SQL Server 2014 LocalDB the connection string should be:

<connectionStrings>
 <add name="DefaultConnection"
  connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Test.mdf;Initial Catalog=Test;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>

You also need to update, Entity Framework default connection factory setting in web.config file where v11.0 should be v12.0 for SQL Server 2014 LocalDB.


<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
  <parameters>
    <parameter value="v12.0" />
  </parameters>
</defaultConnectionFactory> 

Hope this will help 🙂

AngularJS CRUD Using ASP.NET MVC5 – Add Toaster Notifications

In Previous article we learn how to add form data validations for CREATE and UPDATE Operation. In this article, we will learn how to add toaster notifications in our application.

You can download code for previous article from GitHub and start adding code for toaster notification.

So Let us start coding ??

Step-1: Download “toaster.css“, “toaster.js” and “angular-animate.min.js

Note: we need to also update angular.js version to AngularJS v1.5.6, because latest version v1.6.4 is not working with toaster.js and we need to downgrade to make toaster works with angularJS.

Now all set. dependencies are set in the project.

Step-2: Bundle this JS and CSS files in our project

Open “App_Start –> BundleConfig.cs” file and update the angular bundle


bundles.Add(new ScriptBundle("~/bundles/angular").Include(
                       "~/Scripts/angular.js",
                       "~/Scripts/angular-animate.min.js",
                       "~/Scripts/toaster.js"));

Similarly css bundle:


bundles.Add(new StyleBundle("~/Content/css").Include(
                      "~/Content/bootstrap.css",
                      "~/Content/site.css",
                      "~/Content/toaster.css"));

Step-3: Include the ‘ngAnimate‘ and ‘toaster‘ module in your AngularJS app

Open “AngularJSApp\Employee\Module.js” file and add module like

myapp = angular.module('my-employees', ['toaster', 'ngAnimate', 'ui.bootstrap.showErrors']);

Note: ngAnimate module require if you want animations during toaster notification.

Step-4: Add ‘toaster-container‘ directive in Index.cshtml

By default, toasts have a timeout setting of 5000, meaning that they are removed after 5000 milliseconds. If the timeout is set to 0, the toast will be considered “sticky” and will not automatically dismiss. The timeout can be configured at three different levels:

Globally in the config for all toast types:

<toaster-container toaster-options="{'time-out': 1000}">
</toaster-container>

Per info-class type: By passing the time-out configuration as an object instead of a number, you can specify the global behavior an info-class type should have.

<toaster-container
toaster-options="{'time-out':{ 'toast-success': 2000, 'toast-error': 0 } }">
</toaster-container>

We will add following toaster-options for our toasts to display.

<toaster-container
toaster-options="{'close-button':true, 'time-out':{ 'toast-success': 2000, 'toast-error': 0 } }">
</toaster-container>

Success toasts will fade out after 2 seconds and error toasts will be sticky, until you close it. we also used close-button property which will show close button for all our toasts, so user can manually close our error toasts using close button.

Step-5: Usage of toaster in ng-controller

Let us update our JavaScript alert messages for success and failure for ‘employee-controller‘ in “AngularJSApp –> Employee –> Controller.js” by adding toaster notifications.

First, inject toaster module in our controller:

myapp.controller('employee-controller',
function ($scope, employeeService, toaster)

Then, you can use it any where in our controller.

For Success :

toaster.success({ title: "Success", body: "Employee added successfully" });

For error :

toaster.error("Error", "Error occured while loading employee data");

Similarly, you can update all other javascript alerts will toaster notifications for UPDATE and DELETE methods.

Step-6: Run the application.

Click on Add Employee Button. Provide input values in each fields and save the data.

Success-Added

You can see that it will give smooth effective notifications for success and it will fade out after 2 seconds.

Kool 🙂 Isn’t it?

Update Employee

Success-Updated

Delete Employee

Success-Deleted

Code for this article is available on GitHub: https://github.com/sandy060583/AngularJSUsingMVC5-Part4

For more details on toaster, please refer this article: https://github.com/jirikavi/AngularJS-Toaster

That’s all for this article.

Please feel free to provide your feedback and comments.