I have created an authentication filter for my API and it will validate the auth header to make sure the user can access the API. However, I also have permissions set to endpoints that will allow users to read, but not write etc. I want to be able to perform this authentication here and if it fails i can kill the request. To do this, i need to know the controller and action values. I have access to the url string, but I am reluctant to parse this myself unless i have to.
I have tried using the following code from inside the AuthenticateAsync method
var requestcontext = context.Request.GetRequestContext();
string actionName = requestcontext.RouteData.Values["action"].ToString();
string controllerName = requestcontext.RouteData.Values["controller"].ToString();
This returns an issue as the controller and action keys are not set at this point. Is there a way to force them to be set? Meaning, is there a method i can call that will force .NET to set the route data now instead of later, allowing me access to the values?
In the event that this is impossible. How could I go about achieving this? I have tried to create a base APIController and inside here I tried to add the following.
protected override void OnAuthorization(AuthorizationContext filterContext)
{
//check the route data and validate
}
This did not work as the APIController does not support this method. Assuming its part of the MVC controller and not the API. I have tried various other overrides that work with MVC, but they are not working for the API controller. I would much rather be able to handle it all in the filter so i dont need to use a controller, but if this is the only way to do it, how can it be done?