Dependency Injection in attributes

by

You should prevent doing dependency injection into attributes completely. The reason for this is explained in this article: Dependency Injection in Attributes: don’t do it!. In summary the article explains that:

  • Constructor injection is not possible, because creation of an Attribute instance cannot be intercepted; the CLR is in control.
  • The use of property injection is fragile, since it results in Temporal Coupling, which should be prevented.
  • Dependency injection into attributes makes it impossible to verify
    the correctness of the container’s configuration.
  • Frameworks like MVC and Web API cache attributes, making it very easy to accidentally create captive dependencies causing bugs.

You have two choices here:

  1. Make the attributes passive, by splitting the data (the attribute) from its behavior (the service) as explained in the referenced article and this related article from Mark Seemann.
  2. Turn your attributes into humble objects as explained in this answer. This means you:
    1. extract all logic from the attribute into a custom service that contains all dependencies.
    2. Register that service in your container.
    3. let the attribute’s method (AuthorizeCore in your case) do nothing more than resolving the service from the service locator / DependencyResolver and call the service’s method. Important to note here is that you cannot do constructor injection, property injection and the service cannot be stored in the attributes private state (as you already noticed).

Which option to use:

  • Use option 1 if you are very keen into keeping your design clean, or you have more than a few attributes that you need to apply this way, or you want to apply attributes are defined in an assembly that doesn’t depend on System.Web.Mvc.
  • Use option 2 otherwise.

More Related Contents:

  1. How do the major C# DI/IoC frameworks compare? [closed]
  2. Dependency Injection Unity – Conditional Resolving
  3. Questions about using Ninject
  4. Make sure that the controller has a parameterless public constructor error
  5. Injecting dependencies into ASP.NET MVC 3 action filters. What’s wrong with this approach?
  6. Can I pass constructor parameters to Unity’s Resolve() method?
  7. How to use dependency injection with an attribute?
  8. How do I log a user out when they close their browser or tab in ASP.NET MVC?
  9. How to implement custom authentication in ASP.NET MVC 5
  10. Is IDependencyResolver an anti-pattern?
  11. Configure Unity DI for ASP.NET Identity
  12. log4net with DI Simple Injector
  13. Null User on HttpContext obtained from StructureMap
  14. Exception is: InvalidOperationException – The current type, is an interface and cannot be constructed. Are you missing a type mapping?
  15. Making a Simple Ajax call to controller in asp.net mvc
  16. URL-encoded slash in URL
  17. ASP.NET MVC Razor pass model to layout
  18. Determine if uploaded file is image (any format) on MVC
  19. Passing object in RedirectToAction
  20. ASP.NET MVC Authorization
  21. ASP.NET MVC 4 + Ninject MVC 3 = No parameterless constructor defined for this object
  22. How to allow an anonymous user access to some given page in MVC?
  23. Can Unity be made to not throw SynchronizationLockException all the time?
  24. ASP.NET Core middleware vs filters
  25. The HTTP request is unauthorized with client authentication scheme ‘Negotiate’. The authentication header received from the server was ‘NTLM’
  26. Prevent from displaying of Windows Security window
  27. {version} wildcard in MVC4 Bundle
  28. Razor/CSHTML – Any Benefit over what we have? [closed]
  29. Could not load file or assembly System, Version=2.0.5.0 in .NET 4 MVC 4 application
  30. Multiple Models in a Single View (C# MVC3)

Leave a Comment