Injecting dependencies into custom Web API action filter attribute with Autofac

Asked 25/4, 2014 at 19:15 Answered 3/8, 2018 at 18:33

Solved asp.net-mvc asp.net-web-api dependency-injection autofac action-filter

I'm trying to resolve the dependencies of my custom AuthorizeAttribute which I use to decorate my API controllers in an MVC4 app. Problem is that I keep getting a NullReferenceException on the service dependency I use within my custom filter. Here is my Autofac configuration:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        var builder = new ContainerBuilder();
        builder.RegisterApiControllers(Assembly.GetExecutingAssembly());
        builder.RegisterType<UnitOfWork>().As<IUnitOfWork>().InstancePerApiRequest();
        builder.RegisterType<DatabaseFactory>().As<IDatabaseFactory>().InstancePerApiRequest();
        builder.RegisterAssemblyTypes(typeof(UserProfileRepository).Assembly)
            .Where(t => t.Name.EndsWith("Repository"))
            .AsImplementedInterfaces().InstancePerApiRequest();

        builder.RegisterAssemblyTypes(typeof(IUserProfileMapper).Assembly)
            .Where(t => t.Name.EndsWith("Mapper"))
            .AsImplementedInterfaces().InstancePerApiRequest();

        builder.RegisterAssemblyTypes(typeof(UserProfileSvc).Assembly)
            .Where(t => t.Name.EndsWith("Svc"))
            .AsImplementedInterfaces().InstancePerApiRequest();

        builder.RegisterWebApiFilterProvider(config);
        var container = builder.Build();
        var resolver = new AutofacWebApiDependencyResolver(container);
        config.DependencyResolver = resolver;
    }
}

and my custom authorize filter:

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    public IAuthenticationSvc _authenticationSvc;
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (!base.IsAuthorized(actionContext))
        {
            return false;
        }
        var trueUserId = WebSecurity.CurrentUserId;

        if (_authenticationSvc.GetUsersRoles(trueUserId).Any(x => x == "Admin")) return true;
        // NullReferenceException on _authenticationSvc
     }
}

According to the official docs all that is needed is:

var builder = new ContainerBuilder();
builder.RegisterWebApiFilterProvider(GlobalConfiguration.Configuration);

But that doesn't seem to do the trick either. Appreciate any help.

Soutache answered 25/4, 2014 at 19:15 Comment(2)

I think _authenticationSvc needs to be a property not a field – Crone 26/4, 2014 at 14:42

@Crone Now it gives me this exception:

No scope with a Tag matching 'AutofacWebRequest' is visible from the scope in which the instance was requested. This generally indicates that a component registered as per-HTTP request is being requested by a SingleInstance() component (or a similar scenario.) Under the web integration always request dependencies from the DependencyResolver.Current or ILifetimeScopeProvider.RequestLifetime, never from the container itself.

– Soutache 26/4, 2014 at 15:18

You should configure property injection for your attribute

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    public IAuthenticationSvc AuthenticationSvc { get; set; }
}

and the builder

builder.RegisterType<MyAuthorizeAttribute>().PropertiesAutowired();

Diagonal answered 29/4, 2014 at 5:55 Comment(2)

I think this answer may work but it's not the correct one. Because 'AuthorizeAttribute' and totally filters in webApi have one instance and if you have simultaneous requests it may make some problems. In fact, it's not a thread-safe solution. Am I right? – Dimenhydrinate 14/5, 2018 at 6:51

@MohammadRezaDaghestani I believe you are right as that's the issue I am facing atm. – Peripteral 25/9, 2019 at 0:9

I think Autofac's documentation offers much simpler solution for WebApi action filters.

public interface ServiceCallActionFilterAttribute : ActionFilterAttribute
{
  public override void OnActionExecuting(HttpActionContext actionContext)
  {
    // Get the request lifetime scope so you can resolve services.
    var requestScope = actionContext.Request.GetDependencyScope();

    // Resolve the service you want to use.
    var service = requestScope.GetService(typeof(IMyService)) as IMyService;

    // Do the rest of the work in the filter.
    service.DoWork();
  }
}

It is not "pure DI" as it is using service locator, but it is simple and works with the request scope. You don't need to worry about registering specific action filter for each WebApi controller.

Source: http://autofac.readthedocs.io/en/latest/integration/webapi.html#provide-filters-via-dependency-injection

Walleyed answered 4/2, 2017 at 23:2 Comment(5)

I'd have to say I prefer this over property injection. – Marika 25/4, 2018 at 19:13

It's nice an easy to understand, but if you intent to write tests, property injection is an easier solution. – Incommodity 9/5, 2018 at 23:59

@PhilCooper you'll end up having problems with such filter during unit testing. how are we supposed to mock it then? – Assyrian 24/10, 2018 at 10:49

@AlexHerman you could provide a constructor your tests would use which would provide the mechanism Func<HttpActionContext, IService> serviceFactory for resolving types while your default (empty) constructor would simply use the example above. actionContext => actionContext.Request.GetService(typeof(IMyService)) as IMyService. – Marika 24/10, 2018 at 12:17

worked now, i forgot to register my service in AutoFac – Conjugal 28/12, 2018 at 7:10

You should configure property injection for your attribute

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    public IAuthenticationSvc AuthenticationSvc { get; set; }
}

and the builder

builder.RegisterType<MyAuthorizeAttribute>().PropertiesAutowired();

Diagonal answered 29/4, 2014 at 5:55 Comment(2)

@MohammadRezaDaghestani I believe you are right as that's the issue I am facing atm. – Peripteral 25/9, 2019 at 0:9

In addition to @Toan Nguyen's answer, if you have this...

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    public IAuthenticationSvc AuthenticationSvc { get; set; }
}

... it seems you also need (or may need) the first line below:

builder.RegisterFilterProvider();
builder.RegisterType<MyAuthorizeAttribute>().PropertiesAutowired();

Reference: http://itprojectpool.blogspot.com.au/2014/03/autofac-di-on-action-filters.html

Involuntary answered 19/11, 2014 at 0:28 Comment(2)

Yep, that first line fixed it for me. – Bakst 6/7, 2016 at 18:26

Well, this is for MVC right? The example code in the question is for the WebAPI registration. Although the question is tagged for MVC, too, so this information is pertinent, it should just be clear that the RegisterFilterProvider method is the MVC equivalent to RegisterWebApiFilterProvider I think – Peggypegma 10/2, 2018 at 9:16

In addition to configuring property injection, as outlined in other answers, you can also explicitly resolve dependencies in the OnActivating callback.

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    private IAuthenticationSvc _authenticationSvc;
    public void SetAuthenticationSvc(IAuthenticationSvc svc)
    {
       this._authenticationSvc = svc;
    }
}

And then register the type:

builder.RegisterType<MyAuthorizeAttribute>()
    .OnActivating(_ => _.Instance.SetAuthenticationSvc(_.Context.Resolve<IAuthenticationSvc>()));

Note: You can do the same with a property instead of a method. I chose to use a method here only to illustrate that this solution was not dependent on PropertiesAutowired.

Typhon answered 3/8, 2018 at 18:33 Comment(0)

Recommended topics

Hot tags