Override filters in ASP.NET Web API 2

You can now override which filters apply to a given action method or controller, by specifying an override filter. Override filters specify a set of filter types that should not run for a given scope (action or controller). This allows you to add global filters, but then exclude some from specific actions or controllers.

Key Features

  • Override filters disable higher-scoped filters of a given type.
  • Use an override when you want to vary the filter pipeline for a single action method so that controller-level and global filters won’t be executed.
  • Override filters do not affect filters applied at the same scope.

The Built-in Override Filter Attributes are

  • OverrideAuthenticationFilters – Prevents authentication filters from being executed
  • OverrideAuthorizationFilters – Prevents authorization filters from being executed
  • OverrideActionFilters – Prevents action filters from being executed
  • OverrideExceptionFilters – Prevents exception filters from being executed

Let us understand this with some example, how we can override Authorization Filter.

Example-1 : Overriding Controller wide Authorization

I applied an authorization filter to the Employee controller so that it applies to all of the action methods and then applies the OverrideAuthorizationFilters attribute to disable authorization for one of them.


using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net;
using System;

namespace WEBAPI2Demo.Controllers
{
    public class Employee
    {
        public int EmployeeID { get; set; }
        public string FirstName { get; set; }
        public string  LastName { get; set; }
    }

    [Authorize(Roles = "admins")]
    public class EmployeeController : ApiController
    {
         private static List<Employee> employees = new List<Employee>
	 { 

		new Employee { EmployeeID = 1, FirstName = "Sandeep", LastName = "Ramani" }                

	 };

        [OverrideAuthorization]
        public IEnumerable<Employee> Get()
        {
            return employees;
        }

        public Employee Get(int id)
        {
            return employees[id];
        }

        public Employee Post(Employee emp)
        {
            emp.EmployeeID = employees.Count + 1;
            employees.Add(emp);
            return emp;
        }
    }
}

The effect of the Authorize attribute is to restrict all of the action methods in the Employee controller so they can be accessed only by authenticated users who have been assigned to the admins role.

The effect of applying the OverrideAuthorization attribute to the parameter less version of the Get action method is to prevent execution of all authorization filters for that action method, which means that any request is able to invoke the action.

Example-2 : Redefining Authorization

Override filters affect filters only at the previous scope, which means you can apply attributes of the overridden type at the same level as the override, and they will be executed.

Let us update previous example and add Authorization to restrict action method to role users only.


using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net;
using System;

namespace WEBAPI2Demo.Controllers
{
    public class Employee
    {
        public int EmployeeID { get; set; }
        public string FirstName { get; set; }
        public string  LastName { get; set; }
    }

    [Authorize(Roles = "admins")]
    public class EmployeeController : ApiController
    {
        private static List<Employee> employees = new List<Employee>
	{ 

		new Employee {EmployeeID = 1, FirstName = "Sandeep", LastName = "Ramani" }                

	};

        [OverrideAuthorization]
	[Authorize(Roles="users")]
        public IEnumerable<Employee> Get()
        {
            return employees;
        }

        public Employee Get(int id)
        {
            return employees[id];
        }

        public Employee Post(Employee emp)
        {
            emp.EmployeeID = employees.Count + 1;
            employees.Add(emp);
            return emp;
        }
    }
}

I have applied the Authorize filter to the Get method, specifying that only authenticated users who have been assigned to the users role are allowed to invoke the action method. Without the OverrideAuthorization attribute, the filter pipeline would contain both Authorize attributes, and they would be executed one after the other, creating a combined effect of restricting access to those users who have been assigned to both the admins and users roles.

But with the OverrideAuthorization, the controller-scoped Authorize attribute is removed from the pipeline, meaning that only the Authorize filter applied directly to the action method will be used: the effect is to restrict access to the users role.

Similarly, you can use other Override Filters for Authentication, Actions and Exceptions in WEB API Services in your projects.

Advertisements

ASP.NET 5 and AngularJS

Stephen Walther has written multiple part blog series on building ASP.NET 5 (ASP.NET vNext) apps with AngularJS. In this series of blog posts, he shown how you can create a simple Movie app using ASP.NET 5, MVC 6, and AngularJS. Go ahead and read these interesting and informative articles which will add to your learning of ASP.NET 5 with AngularJS.

Following are the topic and link of each blog posts:  

You can download the code discussed in this blog post from GitHub:

https://github.com/StephenWalther/MovieAngularJSApp

Hope this will help !!!

WCF Is Dead and Web API Is Dying – Long Live MVC 6 !!!

There are many reasons why WCF has lost its luster, but the bottom line is that WCF was written for a bygone era and the world has moved on. There are some narrow use cases where it still might make sense to use WCF, for example, message queuing applications where WCF provides a clean abstraction layer over MSMQ, or inter / intra process applications where using WCF with named pipes is a better choice than .NET Remoting. But for developing modern web services, WCF is as dead as a doornail.

Didn’t get the memo? Unfortunately, Microsoft is not in the habit of annoucing when they are no longer recommending a specific technology for new application development. Sometimes there’s a tweet, blog post or press release, as when Bob Muglia famously stated that Microsoft’s Silverlight strategy had “shifted,” but there hasn’t to my knowledge been word from Microsoft that WCF has been quietly deprecated.

One reason might be that countless web services have been built using WCF since its debut in 2007 with .NET 3.0 on Windows Vista, and other frameworks, such as WCF Data Services, WCF RIA Services, and self-hosted Web API’s, have been built on top of WCF. Also, if you need to interoperate with existing SOAP-based web services, you’re going to want to use WCF rather than handcrafted SOAP messages.

Read full article by Tony Sneed – Click Here.

In summary, you should avoid WCF like the plague if you want to develop REST-ful web services with libraries and tools that support modern development approaches and can be readily consumed by a variety of clients, including web and mobile applications.  However, you’re going to want to skip right over ASP.NET Web API and go straight to ASP.NET 5, so that you can build cross-platform web services that are entirely host-independent and can achieve economies of scale when deployed to the Cloud.

Hope this will help !!!

Security in Web APIs-Basic Authentication and Token based custom Authorization in Web APIs using Action Filters

In this article Akhil Mittal has explained how to make WebAPI secure using Basic Authentication and Token based authorization.

Read Full Article : http://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic

Hope this will help !!!!!

Action filters, service filters and type filters in ASP.NET 5 and MVC 6

Today, let’s have a look at he area of filters in ASP.NET MVC 6 – because it actually contains quite a few interesting changes compared to classic MVC and Web API filter pipelines.

Let’s leave the specialized filters (error filters, authorization filters) on a side for now, and focus instead on the functional, aspect oriented, filters. Aside from the good old action filters, known from both MVC and from Web API, there are two new types of filters (or rather filter factories, but we’ll get there) that you can use – ServiceFilters and TypeFilters.

Read Full Article : http://www.strathweb.com/2015/06/action-filters-service-filters-type-filters-asp-net-5-mvc-6/

Hope this will help !!!!!