2

We want to set the Thread.CurrentCulture

  • before the ASP.NET MVC model binder / validator runs (of course), but
  • after the user has been authorized (as we want to load the culture from a UserSettings table)

What's the correct extension point we should go for?

An action filter is too late, Global.asax is too early (user not authorized yet). Anyone with a good idea?

D.R.

2 Answers

2

You could use the AuthorizationFilter and just extend the built-in functionality. At the point of authorization you will be able to tell whether they are authorized or not and perform your logic accordingly.

```csharp
using System.Web;
using System.Web.Mvc;

public class CustomAuthAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the standard [Authorize] checks first
        bool isAuthorized = base.AuthorizeCore(httpContext);

        if (isAuthorized)
        {
            // set culture if user is authorized
        }
        else
        {
            // set culture if user is not authorized
        }

        return isAuthorized;
    }
}
```
asymptoticFault
  • I did post something with the usual global.asax shenanigan, it's much better and cleaner with a custom `AuthorizationFilter`. – Simon Rapilly Sep 09 '13 at 15:13
  • Is "loading user settings" really a task which should be done in an `AuthorizationFilter`? Isn't this a mismatch of responsibilities? – D.R. Sep 10 '13 at 07:26
  • @SimonRapilly: Why do you think it is cleaner to implement in an AuthorizationFilter? For me, Global.PostAuthorizeRequest sounds cleaner?! – D.R. Sep 10 '13 at 11:55
  • 2
    @D.R. To me "loading user settings" and authorization aren't completely separate concerns since they both deal with a specific user but I could also understand the perspective that the authorization filter may not be the best place for it. As Joe suggested `PostAuthorizeRequest` would probably also be a good place to put your code and I agree that there is nothing wrong with using those events in MVC; MVC is derived from ASP.NET and as such there is nothing wrong with using base functionality just as you would in object inheritance. MVC already uses `Application_Start` for initialization. – asymptoticFault Sep 10 '13 at 12:11
  • Thank you @asymptoticFault, I've upvoted your answer as I like it and your argument is solid! Hope you don't mind that I've marked Joe's answer as accepted, as it is the one I've implemented. – D.R. Sep 10 '13 at 12:29
  • @D.R. Not at all, if that's the answer that worked for you then it should be the one that is accepted :) I appreciate the upvote as well. – asymptoticFault Sep 10 '13 at 13:16
  • Just as a warning: a derived custom authorization filter's `AuthorizeCore()` is not called if you put `[AllowAnonymous]` on the action -> no culture set on anonymously allowed actions -> problem. – D.R. Sep 10 '13 at 13:38
  • @D.R. It's a design issue obviously, but I argue that since the problem is directly linked to the fact the user is authorized or not, it can be integrated directly into the authorization process. That and, really, custom `AuthorizationFilter`s aren't cited as examples nearly as often as they should be. – Simon Rapilly Sep 10 '13 at 15:04
2

> Global.asax is too early

Global.asax has events that occur at various points in the request life cycle, some too early (BeginRequest), some too late (EndRequest), and maybe one that is just right for your requirement.

Maybe a handler for PostAuthorizeRequest, or if you want to store stuff in Session, PostAcquireRequestState would do?

Joe
  • 1
    Allow me to add a link to [this answer](http://stackoverflow.com/a/3072821/2248651) as it's greatly documented on the topic. – Simon Rapilly Sep 09 '13 at 18:29
  • Aren't those ASP.NET events somehow bad practice in ASP.NET MVC? – D.R. Sep 10 '13 at 07:25
  • I don't see why they would be bad practice, though they're probably rarely used. – Joe Sep 10 '13 at 10:07
  • Before I forget: you have to register for that event inside of `Init()` - not inside MVC's `Application_Start()`! – D.R. Sep 10 '13 at 13:19
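
Added example, not code from any poster in this thread: a `Global.asax.cs` sketch of the `PostAuthorizeRequest` approach, registered in `Init()` as the last comment describes. The `UserSettings` dictionary (a constructed stand-in for the UserSettings table), the `en-US` fallback and the `ResolveCulture` helper are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Threading;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Assumption: fallback for anonymous users and unusable stored values.
    private static readonly CultureInfo Fallback = CultureInfo.GetCultureInfo("en-US");

    // Constructed stand-in for the UserSettings table (user name -> culture name).
    private static readonly Dictionary<string, string> UserSettings =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", "de-AT" },
            { "bob", "not a culture" } // malformed row: must not break the request
        };

    // Init() runs for each pooled HttpApplication instance, so every instance
    // gets the handler; Application_Start() runs only once per application.
    public override void Init()
    {
        base.Init();
        PostAuthorizeRequest += OnPostAuthorizeRequest;
    }

    // Raised on every request, anonymous ones included, before the MVC handler runs.
    private void OnPostAuthorizeRequest(object sender, EventArgs e)
    {
        var user = Context.User;
        var culture = Fallback;
        if (user != null && user.Identity.IsAuthenticated)
            culture = ResolveCulture(user.Identity.Name);

        Thread.CurrentThread.CurrentCulture = culture;
        Thread.CurrentThread.CurrentUICulture = culture;
    }

    // Treats the stored value as untrusted input: unknown names fall back.
    internal static CultureInfo ResolveCulture(string userName)
    {
        string name;
        if (string.IsNullOrEmpty(userName) ||
            !UserSettings.TryGetValue(userName, out name) || string.IsNullOrWhiteSpace(name))
            return Fallback;
        try { return CultureInfo.GetCultureInfo(name); }
        catch (CultureNotFoundException) { return Fallback; }
    }
}
```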