Home/ Questions/Q 8306145
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T18:16:18+00:00

some of my controller actions require a user to be authenticated. Those actions are

  • 0

some of my controller actions require a user to be authenticated. Those actions are flagged with a custom [Authorize] attribute. Behind the scene, a custom membership provider does some magic, among which setting some temporary data into the common-thread.

At the end of each action that required an authentication, a call to the OnActionExecuted() filter is required to cleanup the thread. This is done via another custom attribute called [CleanupContext].

So my actions look like this:

[Authorize]
[CleanupContext]
public ViewResult Action()
{
   ...
}

Since those two are always used together, since I am lazy and since I fear that someday one dev might forget to put one or the other and we end up with some weird behavior: is there a way to combine them into one attribute?

[AuthorizeAndCleanup]
public ViewResult Action()
{
   // Aaah, if only it could look like this :D
}

Thanks a lot!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could derive from AuthorizeAttribute in order to do your custom authorization stuff and implement IActionFilter in order to have access to the OnActionExecuting and OnActionExecuted events (to do your custom cleanup code):

    public class AuthorizeAndCleanupAttribute : AuthorizeAttribute, IActionFilter
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // TODO: your custom authorization logic
        return base.AuthorizeCore(httpContext);
    }

    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        // TODO: your custom cleanup code
    }

    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
    }
}

    Obviously you should be aware that neither the OnActionExecuting or the OnActionExecuted events will ever be executed if the authorization fails (a.k.a. the AuthorizeCore method returns false) so make sure you do your cleanup in this method if you are about to return false.

    • 0