Chapter 13. The MVC filter pipeline
This chapter covers
- The MVC filter pipeline and how it differs from middleware
- Creating custom filters to refactor complex action methods
- Using authorization filters to protect your action methods
- Short-circuiting the filter pipeline to bypass action execution
- Injecting dependencies into filters
In part 1, I covered the MVC framework of ASP.NET Core in some detail. You learned about MvcMiddleware and how routing is used to select an action method to execute. You also saw model binding, validation, and how to generate a response by returning an IActionResult from your actions. In this chapter, I’m going to head deeper into MvcMiddleware and look at the MVC filter pipeline, sometimes called the MVC action invocation pipeline.
MVC uses a number of built-in filters to handle crosscutting concerns, such as authorization (controlling which users can access which action methods in your application). Any application that has the concept of users will use authorization filters as a minimum, but filters are much more powerful than this single use case.
This chapter describes the MVC filter pipeline in the context of an MVC request. You’ll learn how to create custom filters that you can use in your own apps, and how you can use them to reduce duplicate code in your action methods. You’ll learn how to customize your application’s behavior for specific actions, as well as how to apply filters globally to modify all of the actions in your app.