The ASP.NET MVC Framework Preview 4 has been released and includes some interesting new Action Filter Attributes that help with the infrastructure plumbing that we have to deal with in our web applications. In this case we get some much needed help with security, error handling, and caching by use of 3 Action Filter Attributes - HandleError, Authorize, OutputCache.
HandleError Action Filter Attribute
The HandeError Attribute allows you to specify pretty error pages for unhandled exceptions in your controller classes as opposed to the default error pages provided by ASP.NET.
In the most simple case you can add the HandleError on the controller itself as such:
[HandleError]
public class HomeController : Controller
{
public ActionResult Index()
{
throw new NullReferenceException();
}
public ActionResult About()
{
return View();
}
}
When the NullReferenceException occurs in the Index Action the MVC Framework will look in the Controller's View Folder for a view called "Error" to display to the user. If it cannot find an "Error" View in the Controller's View Folder it will then look in the Shared Folder for a view called "Error" that might be shared among all controllers.
You can get a bit more sophisticated with the HandleError Attribute and specify a separate Error View by Exception Type-
[HandleError(ExceptionType = typeof(NullReferenceException),
View = "NullError")]
[HandleError(ExceptionType = typeof(SecurityException),
View = "SecurityError")]
public class HomeController : Controller
{
public ActionResult Index()
{
throw new NullReferenceException();
}
public ActionResult About()
{
return View();
}
}
This allows you to specify a specific View based on the unhandled exception thrown.
Autthorize Action Filter Attribute
This was one of the first Action Filter Attributes I created for previous version of the MVC Framework. You typically have role based security you need to implement in your web applications or at the minimum only allow authorized users certain functionality. The Authorized Action Filter Attribute allows you to declaratively set security on certain action to either authorized users or users in certain roles.
Again in the simplest case you are allowing only authorized users to execute certain actions. In this case only authorized users can execute the About Action on the HomeController.
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize]
public ActionResult About()
{
return View();
}
}
If you are using Role-Based Security, you can specify that only certain roles can execute the About Action on the HomeController:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize(Roles="Admin, SalesReps")]
public ActionResult About()
{
return View();
}
}
You also have the option of specifying users as well, and of course, you could use the combination of users and roles:
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
[Authorize(Users = "John, Bob")]
public ActionResult About()
{
return View();
}
}
If the user has not been authenticated on the website they will be redirected to the Login Page.
OutputCache Action Filter Attribute
The OutputCache Action Filter Attribute allows you to use ASP.NET Output Caching on your MVC Controller Actions. All the usual features apply.
You can just specify a duration for output caching on a particular action. In this case there is a 15 second duration for output caching on the Index Action on the HomeController:
public class HomeController : Controller
{
[OutputCache(Duration = 15)]
public ActionResult Index()
{
ViewData["Message"] = DateTime.Now;
return View();
}
public ActionResult About()
{
return View();
}
}
You can also, for example, vary the output caching by parameter:
public class HomeController : Controller
{
[OutputCache(Duration = 15, VaryByParam = "id")]
public ActionResult Index(string id)
{
ViewData["Message"] = DateTime.Now;
return View();
}
public ActionResult About()
{
return View();
}
}
Conclusion
The new HandleError, Authorize, and OutputCache Action Filter Attributes are a welcome addition to the ASP.NET MVC Framework.