3

I am currently trying to write a custom authentication filter and I need to access the dto that is being passed as a parameter to the action in my filter. Lets say I have an action like this

[AuthenticateProfile]
public ActionResult EditProfile(ProfileDTO profileDto)
    {
        if (ModelState.IsValid)
        {
            // Do crazy stuff
        }

        return something....
    }

I need to do my authentication based on some of the properties that are inside profiledto object.

I want to know how I can get this object inside my filter from AuthorizationContext.

ssilas777
  • 9,672
  • 4
  • 45
  • 68
Rob Schneider
  • 679
  • 4
  • 13
  • 27

4 Answers4

6

Here's how I did it:

var parameters = filterContext.ActionDescriptor.GetParameters();
var values = parameters.Select(s => new 
             {
                 Name = s.ParameterName,
                 Value = filterContext.HttpContext.Request[s.ParameterName]
             });
nullable
  • 2,513
  • 1
  • 29
  • 32
2

Assuming that your logic is happening in OnActionExecuting (meaning before the actual controller action is run), then one way of doing this (as outlined here) would be:

public override void OnActionExecuting(ActionExecutingContext filterContext)
{
   if (!filterContext.Controller.ViewData.ModelState.IsValid)
      return;

   var profileDto = filterContext.ActionParameters.SingleOrDefault(ap => ap.Key == "profileDto").Value;
   if (profileDto != null)
   {
      // do something with profileDto
   }
}
Community
  • 1
  • 1
rossipedia
  • 56,800
  • 10
  • 90
  • 93
  • Thanks but I failed to mention that I need this inside my OnAuthorization method where I have access to AuthorizationContext and I believe I can not access action parameters from that context. Any idea? – Rob Schneider Jul 14 '13 at 16:12
  • You'll have to access the raw route values then, as AuthorizationFilters run before any model binding has taken place. – rossipedia Jul 14 '13 at 17:34
  • Thanks, Could you elaborate on that? – Rob Schneider Jul 15 '13 at 11:18
2

ASP.NET Core

var parameters =
      filterContext
        .ActionDescriptor
        .Parameters
        .Select(s => new
        {
           Name = s.Name,
           Value = context.HttpContext.Request.Query[s.Name]
        });

extension

public static StringValues? Parameter(this AuthorizationFilterContext context, string name)
{
     var parameter = context.ActionDescriptor.Parameters.FirstOrDefault(it => it.Name == name);
    if (parameter == null) return null;
     return context.HttpContext.Request.Query[parameter.Name];
}

use

 var parameter = context.Parameter("id");
tchelidze
  • 8,050
  • 1
  • 29
  • 49
0

Here are some examples for you to try out:

public class AuthenticateProfileAttribute : AuthorizeAttribute {
    public override void OnAuthorization(AuthorizationContext filterContext) {
        // Looping through named parameters
        foreach (string name in filterContext.HttpContext.Request.QueryString.AllKeys) {
            var value = filterContext.HttpContext.Request.QueryString[name];
            // do something with the iteration
            Console.WriteLine(name + ": " + value);
        }

        // Looping through un-named parameters a.k.a route parameters
        foreach (KeyValuePair<string, object> parameter in filterContext.RouteData.Values) {
            var name = parameter.Key;
            var value = parameter.Value;
            // do something with the iteration
            Console.WriteLine(name + ": " + value);
        }

        // Get single named parameter
        string parameter = filterContext.HttpContext.Request.QueryString["parameter"];

        // Get single route parameter
        parameter = filterContext.RouteData.Values["parameter"].ToString();
    }
}

Using MVC 5.

Tiramonium
  • 557
  • 5
  • 15