Is there a way to create an ActionFilter that wraps the content of the Action in a using statement?

Question

My scenario: My application is a Web Api 2 app using a business logic and repository layer for data access. The web application uses ASP.NET Impersonation to login to the database as the user accessing the website (authenticated via PKI). I have several async controller methods. However, when I await on the data access methods, the database call may complete on a different thread which will then access the database under the identity of my application pool which is not allowed to connect to the database.

Example Controller:

public class TestApiController : ApiController {
    private IBusinessLogicObject _myBlObject;

    public TestApiController(IBusinessLogicObject myBlObject){
        _myBlObject = myBlObject; //Populated through Unity
    }

    public async Task<int> CountMyJobs(string name){
        return await _myBlObject.CountMyJobsAsync(name);
    }
}

Example Business Logic Class:

public class BusinessLogicObject : IBusinessLogicObject
{
    private IGenericRepository<Job> _jobRepository;

    public BusinessLogicObject(IGenericRepository<Job> _jobRepository)
    {
        _jobRepository = jobRepository; //Populated with Unity
    }

    public Task<int> CountMyJobsAsync(string name)
    {
        using (WindowsIdentity.GetCurrent().Impersonate())
        {
            //JobRepository is effectively a DbSet<Job> and this call returns IQueryable<Job>
            return _jobRepository.Where(i => i.Name == name).CountAsync();
        }        
    }
}

If I move the using statement into the controller (wrapped around the await), it works fine.

The issue seems to be that because the await is outside of the impersonation context, it does not impersonate the database call (the CountAsync()) and I am unable to open a connection to my database.

The Question:

Is there a way I could write an ActionFilter or some other attribute on my controller method so that the method itself (containing the await call) would be automatically wrapped in the using statement?

score 2 · Answer 1 · answered May 23 '14 at 16:45

merpmerp's answer is going to be problematic in multi-threaded servers. Since there is only one instance of an ActionFilterAttribute per decorated method, two simultaneous requests to the same method will result in usingVariable being overwritten, and only one will end up being disposed.

You'll need to take this a step further and store the ImpersonationContext somewhere in the request context-- e.g. in filterContext.Request.Properties.

score 1 · Answer 2 · answered Apr 25 '14 at 18:07

I don't believe there is a way to actually wrap a method in a using statement with an attribute, but you could essentially do the same thing by using the OnActionExecuting and OnResultExecuted methods in a custom ActionFilter.

public class IdentityImpersonateActionFilter : ActionFilterAttribute
{
    IDisposable usingVaribale;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        usingVaribale = WindowsIdentity.GetCurrent().Impersonate();
    }

    public override void OnResultExecuted(ResultExecutedContext filterContext)
    {
        usingVaribale.Dispose();
    }
}

Then you could decorate your methods or your whole controller class with [IdentityImpersonate]

[IdentityImpersonate]    
public Task<int> CountMyJobsAsync(string name)
{
    //JobRepository is effectively a DbSet<Job> and this call returns IQueryable<Job>
    return _jobRepository.Where(i => i.Name == name).CountAsync();  
}

You could also access this using variable in your function if you wish

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    usingVaribale = WindowsIdentity.GetCurrent().Impersonate();
    filterContext.ActionParameters.Add("parameterName", usingVaribale);
}

And add the parameter to your controller function

[IdentityImpersonate]    
public Task<int> CountMyJobsAsync(object parameterName, string name)
{
    //JobRepository is effectively a DbSet<Job> and this call returns IQueryable<Job>
    return _jobRepository.Where(i => i.Name == name).CountAsync();  
}

Hope this helps!

score 0 · Answer 3 · answered Apr 25 '14 at 17:52

0

If you want to keep the impersonation the responsibility of the business logic, then you can just do this:

public async Task<int> CountMyJobsAsync(string name)
{
    using (WindowsIdentity.GetCurrent().Impersonate())
    {
        return await _jobRepository.Where(i => i.Name == name).CountAsync()
            .ConfigureAwait(false);
    }
}

answered Apr 25 '14 at 17:52

Stephen Cleary

437,863
77
675
810

What does the `.ConfigureAwait(false)` call do? – Adam Modlin Apr 25 '14 at 18:09
It's just avoiding the overhead of re-entering the ASP.NET request context until it's actually needed further up the stack. – Stephen Cleary Apr 25 '14 at 18:17
Unfortunately, this does not fix the problem. It still executes the database call as the application pool identity and not as the impersonated identity. – Adam Modlin Apr 25 '14 at 18:34
Does it work if you use `Count` instead of `CountAsync`? – Stephen Cleary Apr 25 '14 at 19:00

Is there a way to create an ActionFilter that wraps the content of the Action in a using statement?

3 Answers3