Dependency Injection with Ninject and Filter attribute for asp.net mvc

56
votes

I'm writing a custom Authorization Filter for asp.net mvc 3. I need to inject a userservice into the class but I have no idea how to do this.

public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    private IUserService userService;
    private string[] roles;

    public AuthorizeAttribute(params string[] roles)
    {
        this.roles = roles;
    }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        throw new NotImplementedException();
    }
}

I'm using ninject for dependency injection. I do not want to use a Factory or service locator pattern.

My bindings look like this in the global.acsx:

    internal class SiteModule : NinjectModule
    {
        public override void Load()
        {
            Bind<IUserService>().To<UserService>();
        }
    }
4
asp.net-mvcasp.net-mvc-3ninject
Are you sure you don't want to use factory? In that case you have to keep a reference to kernel in your Application class, and manually Get<IUserService>() in controller constructor. In Mvc 3 factory really makes sense as you are overriding the original one. There are ninject nugets for this also.jakubmal
Jakubmal, could you make an answer using factories then?Shawn Mclean

4 Answers

82
votes

See this answer:

Custom Authorization MVC 3 and Ninject IoC

If you want to use constructor injection then you need to create an attribute and a filter.

///marker attribute
public class MyAuthorizeAttribute : FilterAttribute { }

//filter
public class MyAuthorizeFilter : IAuthorizationFilter
{
      private readonly IUserService _userService;
      public MyAuthorizeFilter(IUserService userService)
      {
          _userService = userService;
      }

      public void OnAuthorization(AuthorizationContext filterContext)
      {
          var validUser = _userService.CheckIsValid();

          if (!validUser)
          {
              filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "AccessDenied" }, { "controller", "Error" } });
          }
      }
}

Binding:

this.BindFilter<MyAuthorizeFilter>(System.Web.Mvc.FilterScope.Controller, 0).WhenControllerHas<MyAuthorizeAttribute>();

Controller:

[MyAuthorizeAttribute]
public class YourController : Controller
{

}

HTH...

11
votes

I would highly recommend B Z's answer. DO NOT use [Inject]!

I used an [Inject] like Darin Dimitrov said was possible and it actually caused threading issues under high load, high contention situations in conjunction with .InRequestScope.

B Z's way is also what is on the Wiki and I have seen many places where Remo Gloor (Ninject author) says this is the correct way to do it

https://github.com/ninject/ninject.web.mvc/wiki/Filter-configurations

Downvote [Inject] answers in here because seriously you will get burned (probably in production if you don't load test properly prior!)

9
votes

I found a simple solution for any occasion where construction is not handled by Ninject:

var session = (IMyUserService)DependencyResolver.Current.GetService(typeof (IMyUserService));

Actually this is exactly what I am using with my custom AuthorizeAttribute. Much easier than having to implement a separate FilterAttribute.

8
votes

On way would be to use a property injection and decorate the property with the [Inject] attribute:

public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    [Inject]
    public IUserService UserService { get; set; }

    private string[] roles;

    ...
}

Constructor injection doesn't work well with attributes as you will no longer be able to decorate controllers/actions with them. You could only use constructor injection with the filter binding syntax in NInject:

public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    private readonly IUserService userService;

    private string[] roles;

    public AuthorizeAttribute(IUserService userService, params string[] roles)
    {
        this.userService = userService;
        this.roles = roles;
    }

    ...
}

and then:

internal class SiteModule : Ninject.Modules.NinjectModule
{
    public override void Load()
    {
        Bind<IUserService>().To<UserService>();

        this.BindFilter<AuthorizeAttribute>(FilterScope.Controller, 0)
            .WhenControllerType<AdminController>();
    }
}

The BindFilter<> extension method is defined in the Ninject.Web.Mvc.FilterBindingSyntax namespace so make sure you have brought that into scope before calling it on a kernel.