Search code examples
c#asp.net-core.net-coreaction-filter

ActionFilter not being called WebAPI/.netCore

I have a web API app written in .NETCore and all I want is to intercept the request using an action filter and then validate the JWT token in the from the header. I Have written an ActionFilter which looks like the following:

using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;

namespace Applciation.ActionFilters
{
    public class AuthorizeJWT: ActionFilterAttribute, IActionFilter
    {
        void IActionFilter.OnActionExecuting(ActionExecutingContext context)
        {
            var jwt = context.HttpContext.Request.Headers["JWT"];

            try
            {
                var json = new JwtBuilder()
                    .WithSecret(File.ReadLines("").ToList().First())
                    .MustVerifySignature()
                    .Decode(jwt);                    

                var tokenDetails = JsonConvert.DeserializeObject<dynamic>(json);
            }
            catch (TokenExpiredException)
            {
                throw new Exception("Token is expired");
            }
            catch (SignatureVerificationException)
            {
                throw new Exception("Token signature invalid");
            }
            catch(Exception ex)
            {
              throw new Exception("Token has been tempered with");
            }
        }
    }
}

Now, I added the action filter in services config like below:

services.AddScoped<AuthorizeJWT>();

and decorated my controller like below:

 [AuthorizeJWT]            
    public virtual async Task<IActionResult> Ceate([FromBody]CreateDto,createDto)
{
   //method body
}

But for some reason, my action filter is just not being called. Is there anything that I am missing from the configuration?

Solution

  • The definition of your ActionFilter is incorrect. You only need to derive from the ActionFilterAttribute class and not the interface IActionFilter as the ActionFilterAttribute class already implements that interface.

    If you remove the interface from the inheritance and then change your OnActionExecuting method definition to override the base class implementation then everything will work as expected:

    using Microsoft.AspNetCore.Mvc.Filters;
using Newtonsoft.Json;

namespace Applciation.ActionFilters
{
    public class AuthorizeJWT: ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            var jwt = context.HttpContext.Request.Headers["JWT"];

            try
            {
                var json = new JwtBuilder()
                    .WithSecret(File.ReadLines("").ToList().First())
                    .MustVerifySignature()
                    .Decode(jwt);                    

                var tokenDetails = JsonConvert.DeserializeObject<dynamic>(json);
            }
            catch (TokenExpiredException)
            {
                throw new Exception("Token is expired");
            }
            catch (SignatureVerificationException)
            {
                throw new Exception("Token signature invalid");
            }
            catch(Exception ex)
            {
              throw new Exception("Token has been tempered with");
            }
        }
    }
}