DelegatingHandler vs HttpOperationHandler – WCF Web APINo Comments
Yesterday Phil Haack wrote a post about Implementing an Authorization Attribute for WCF Web API. We’re doing something similar to handle auth using SimpleWebTokens handled by ACS and found a mix of approaches between Pedro Felix, Howard’s post, Lewis, and Johnny’s team who is also working on something similar. However I was too lazy to read the blogs and thrown this out to twitter knowing that @gblock would give me the answer I wanted in matter of minutes
@woloski: when would you use a delegatingchannel vs httpoperationhandler? I’ve found different samples using both
And indeed he replied. I like things explained in plain English from someone who really knows the thing, so here are the tweets with some color coding to separate one from the other.
NOTE: make sure to also read Glenn’s post which goes into much more detail.
@gblock: there are significant diffs. One is for pure http request / resp related concerns (message handlers) the other for app level
@gblock: one is global / knows nothing about the service the other does knows about the service.
@gblock: one is a Russian doll allowing pre-post handling, the other is a sequential pipeline.
@gblock: one handles model binding type scenarios (operation handlers) the other does not
@gblock: one is async (message handlers) the other is sync. So if you have something io bound use message handlers
@gblock: for cross cutting http concerns like etags, or if-none-match use message handlers.
@gblock: for validation / logging of app data use operation handlers. For security you might use both as Howard did for Oauth
@gblock: if it is truly cross cutting and doesn’t require details about the operation itself like parameter values.
@gblock: message handlers can handle requests dynamically ie they can handle a request to \foo without an op foo
@gblock: architecturally I think they make sense even though there is some overlap. HTTP concerns vs app concerns is the line.
For our case we will use HttpOperationHandlers because we want access to the operation to check that it contains an attribute.