from:http://odetocode.com/blogs/scott/archive/2011/01/17/http-modules-versus-asp-net-mvc-action-filters.aspx

Monday, January 17, 2011

ASP.NET MVC has , while ASP.NET has . Inside their respective processing pipelines, these abstractions serve similar purposes, and I've heard the following question a few times:

When should I write an HTTP module and when should I write an action filter?

If you are creating an MVC application then I'll almost always recommend going with an action filter instead of an HTTP module. This is my recommendation even if the functionality you are creating is generic enough to work from inside a module (in other words, it doesn't depend on MVC specific pipeline stages, like the pre and post processing of action invocation). Filters are closely aligned with the MVC infrastructure and vocabulary, and filters are the first thing someone will look for when they want to see how you've implemented cross-cutting functionality in MVC.

On the other hand, an HTTP module is something you can reuse in any type of ASP.NET application. Witness the flexibility of  - just drop an assembly in the bin directory, tweak a config file, and wait for elmah to record errors across an entire application. This configurable flexibility isn't something you can do with filters out of the box, but we’ll see tomorrow how easy it is to add.

另外一个参考

from http://stackoverflow.com/questions/13550453/mvc-3-4-httpmodule-or-actionfilter

MVC is an abstraction over ASP.NET and therefore their "hooks" really depend at which level you want to inject your logic. An action filter will allow you to hook into MVC specific events:

• OnActionExecuting – This method is called before a controller action is executed.
• OnActionExecuted – This method is called after a controller action is executed.
• OnResultExecuting – This method is called before a controller action result is executed.
• OnResultExecuted – This method is called after a controller action result is executed.

Whereas an HttpModule only allows you to hook into ASP.NET (upon which MVC is built) specific events:

• BeginRequest - Request has been started. If you need to do something at the beginning of a request (for example, display advertisement banners at the top of each page), synchronize this event.
• AuthenticateRequest - If you want to plug in your own custom authentication scheme (for example, look up a user against a database to validate the password), build a module that synchronizes this event and authenticates the user in a way that you want to.
• AuthorizeRequest - This event is used internally to implement authorization mechanisms (for example, to store your access control lists (ACLs) in a database rather than in the file system). Although you can override this event, there are not many good reasons to do so.
• PreRequestHandlerExecute - This event occurs before the HTTP handler is executed.
• PostRequestHandlerExecute - This event occurs after the HTTP handler is executed.
• EndRequest - Request has been completed. You may want to build a debugging module that gathers information throughout the request and then writes the information to the page.

So it really depends on when you need to hook in your event and which events you need.