Order of Operations and AuthProviders

jezzsantos · December 28, 2017, 9:21pm

If I have a custom AuthProvider that implements IAuthWithRequest, does the IAuthWithRequest.PreAuthenticate method get called before any GlobalRequestFilters get executed?

I have some code that is currently in a GlobalRequestFilter that needs to run before any IAuthWithRequest.PreAuthenticate methods.
This code simply needs to inject the IRequest into a property of a dependency in the container (which implements IRequiresRequest) and then call some useful methods. (as you can see below)

GlobalRequestFilters.Add((request, response, dto) =>
            {
                var myThing = request.TryResolve<IMyThing>();
                var hasRequest = myThing as IRequiresRequest;
                if (hasRequest != null)
                {
                    hasRequest.Request = request;
                }
                var thing = myThing.DoSomethingUseful();
                ...
            });

So, am trying to figure out whether I need to to move that code further up the request pipeline or not, and to where.

jezzsantos · December 28, 2017, 10:58pm

Should converting my GlobalRequestFilter to a PreRequestFilter solve my problem?

mythz · December 29, 2017, 12:31am

The PreAuthenticate() method is called by the [Authenticate] attribute which has a priority of -100 which executes before any attributes with a priority higher than -100 and GlobalRequestFilters which are executed after any filter attributes with a priority < 0.

So you can either add an additional Request Filter Attribute with a priority < -100 or yeah you can use a PreRequestFilter which are executed before the request is deserialized and any request filters.