Dependency Injection with Ninject and Filter attribute for asp.net mvc
asp.net Mvcasp.net Mvc-3Ninjectasp.net Mvc Problem Overview
I'm writing a custom Authorization Filter for asp.net mvc 3. I need to inject a userservice into the class but I have no idea how to do this.
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
private IUserService userService;
private string[] roles;
public AuthorizeAttribute(params string[] roles)
{
this.roles = roles;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
throw new NotImplementedException();
}
}
I'm using ninject for dependency injection. I do not want to use a Factory or service locator pattern.
My bindings look like this in the global.acsx:
internal class SiteModule : NinjectModule
{
public override void Load()
{
Bind<IUserService>().To<UserService>();
}
}
asp.net Mvc Solutions
Solution 1 - asp.net Mvc
See this answer: https://stackoverflow.com/questions/5572257/custom-authorization-mvc-3-and-ninject-ioc/5572752#5572752
If you want to use constructor injection then you need to create an attribute and a filter.
/// Marker attribute
public class MyAuthorizeAttribute : FilterAttribute { }
/// Filter
public class MyAuthorizeFilter : IAuthorizationFilter
{
private readonly IUserService _userService;
public MyAuthorizeFilter(IUserService userService)
{
_userService = userService;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
var validUser = _userService.CheckIsValid();
if (!validUser)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "AccessDenied" }, { "controller", "Error" } });
}
}
}
Binding:
this.BindFilter<MyAuthorizeFilter>(System.Web.Mvc.FilterScope.Controller, 0).WhenControllerHas<MyAuthorizeAttribute>();
Controller:
[MyAuthorizeAttribute]
public class YourController : Controller
{
// ...
}
Solution 2 - asp.net Mvc
I would highly recommend B Z's answer. DO NOT use [Inject]!
I used an [Inject] like Darin Dimitrov said was possible and it actually caused threading issues under high load, high contention situations in conjunction with .InRequestScope.
B Z's way is also what is on the Wiki and I have seen many places where Remo Gloor (Ninject author) says this is the correct way to do it, e.g. https://github.com/ninject/ninject.web.mvc/wiki/Filter-configurations.
Downvote [Inject] answers in here because seriously you will get burned (probably in production if you don't load test properly beforehand!).
Solution 3 - asp.net Mvc
I found a simple solution for any occasion where construction is not handled by Ninject:
var session = (IMyUserService)DependencyResolver.Current.GetService(typeof (IMyUserService));
Actually this is exactly what I am using with my custom AuthorizeAttribute. Much easier than having to implement a separate FilterAttribute.
Solution 4 - asp.net Mvc
On way would be to use a property injection and decorate the property with the [Inject] attribute:
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
[Inject]
public IUserService UserService { get; set; }
private string[] roles;
...
}
Constructor injection doesn't work well with attributes as you will no longer be able to decorate controllers/actions with them. You could only use constructor injection with the filter binding syntax in Ninject:
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
private readonly IUserService userService;
private string[] roles;
public AuthorizeAttribute(IUserService userService, params string[] roles)
{
this.userService = userService;
this.roles = roles;
}
...
}
and then:
internal class SiteModule : Ninject.Modules.NinjectModule
{
public override void Load()
{
Bind<IUserService>().To<UserService>();
this.BindFilter<AuthorizeAttribute>(FilterScope.Controller, 0)
.WhenControllerType<AdminController>();
}
}
The BindFilter<> extension method is defined in the Ninject.Web.Mvc.FilterBindingSyntax namespace so make sure you have brought that into scope before calling it on a kernel.