Had issues with an implementation of filters in an ASP Core application, so I made a small test application to check how different filters behave. Below is my source and my findings.
- CustomAuthorisationFilterAttribute is an ActionFilterAttribute, the simplest implementation of a filter which does not allow dependencies injected
- CustomTypeFilterAttribute is TypeFilterAttribute, a more complex filter which allows dependency injection
- CustomApplicationFilter is a filter which uses an extension to add custom middleware to the request chain on demand. It allows dependencies but causes problems with exceptions which occur in the action, masking the stack trace and making it look like all exceptions occur in the middleware
Basic finding are that you should not use custom middleware as filters, since it causes side effects in exception handling in your application.