0

I have created a base controller that houses a UnitOfWork so that I don't have to new it up all the time . Within this controller I have also added three action filters that I want to run every request:

[ElmahLogFilter]
[LoggingActionFilter]
[RequestValidationFilter]
public class BaseController : ApiController
{
    private UnitOfWork _unitOfWork;
    public UnitOfWork UnitOfWork
    {
        get { return _unitOfWork ?? (_unitOfWork = new UnitOfWork()); }
    }
}

Then I just have a controller defined like so:

[System.Web.Http.Authorize(Roles = "Host, Guest")]
public class MeetingController : BaseController
{
    //Code in here
}

However none of the ActionFilters will execute when making a request. I have ensured that each ActionFilter works off of the System.Web.Http.Filters namespace to not conflict with the MVC version. This is what one of my filters looks like:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Http.Filters;

public class LoggingActionFilter : ActionFilterAttribute
{
    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
    {
        //Logging Code Here
        base.OnActionExecuted(actionExecutedContext);
    }
}

I have spent a while on this trying simply to execute one action filter but no dice so far. Is there anything I'm missing?

Edit: As soon as I remove the [Authorize] attribute, the filters work. But it is important to ensure that roles are adhered to here.

Jono_2007
  • 1,016
  • 3
  • 12
  • 23

2 Answers2

0

This may help: How does inheritance work for Attributes?

This also may help: How to add global ASP.Net Web Api Filters?

If you want these filters to execute on every request, doing something like this during Application_Start is probably your best bet:

GlobalConfiguration.Configuration.Filters.Add(new ElmahLogFilter());
GlobalConfiguration.Configuration.Filters.Add(new LoggingActionFilter());
GlobalConfiguration.Configuration.Filters.Add(new RequestValidationFilter());
Community
  • 1
  • 1
danludwig
  • 46,965
  • 25
  • 159
  • 237
  • Sadly doesn't seem to make a difference if I add these into the Global.asax. I have updated my question with an edit if that makes any difference? – Jono_2007 Dec 07 '14 at 21:16
0

Authorization filter runs before action filters and if the identity is not authorized, pipeline will be short-circuited. That is, in your case, if the user is not in the required roles, none of the action filters or the action method itself will run.

Badrinarayanan Lakshmiraghavan
  • 19,159
  • 4
  • 62
  • 61