Filters are code injected into request processing. There can be many categories of filters: authorization, caching, logging, exception, and more. The filters are executed after ActionInvocation, and after the middleware is executed on the ASP.NET Core pipeline.
Here is the filter pipeline from the official ASP.NET Core documentation:
They can be applied at action or controller level as attributes, or at application level as global filters added in the global filter list in Startup.cs
.
We can also control the order in which filters are executed on the same action.
We can create synchronous and asynchronous filters, but we should never mix both to avoid side effects.
There are predefined filters, and there are filters we create:
- Predefined filters (they are used at action and controller levels):
[AllowAnonymous]
[Authorize]
[FormatFilter]
[TypeFilter(typeof(MyFilterAttribute))]
[ServiceFilter(typeof(MyFilterAttribute))]
- Filters we create (global or not):
- Action filters (deriving from
IActionFilter...
- Action filters (deriving from