I have created an authentication filter for my API and it will validate the auth header to make sure the user can access the API. However, I also have permissions set to endpoints that will allow users to read, but not write, etc. I want to be able to perform this authentication here, and if it fails I can kill the request. To do this, I need to know the controller and action values. I have access to the URL string, but I am reluctant to parse this myself unless I have to.

I have tried using the following code from inside the AuthenticateAsync method:

var requestcontext = context.Request.GetRequestContext();
string actionName = requestcontext.RouteData.Values["action"].ToString();
string controllerName = requestcontext.RouteData.Values["controller"].ToString();

This returns an issue as the controller and action keys are not set at this point. Is there a way to force them to be set? Meaning, is there a method I can call that will force .NET to set the route data now instead of later, allowing me access to the values?

In the event that this is impossible, how could I go about achieving this? I have tried to create a base APIController and inside here I tried to add the following.

protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // check the route data and validate
}

This did not work as the APIController does not support this method. Assuming it's part of the MVC controller and not the API. I have tried various other overrides that work with MVC, but they are not working for the API controller. I would much rather be able to handle it all in the filter so I don't need to use a controller, but if this is the only way to do it, how can it be done?

Dan Hastings
    I've had the same problem, you can find some answers on my question: http://stackoverflow.com/questions/18248547/get-controller-and-action-name-from-within-controller – Rob May 03 '17 at 10:55

1 Answer

The following code works to obtain the action and controller data during the authentication.

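using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Filters;

public class MyCustomFilter : IAuthenticationFilter
{
    public bool AllowMultiple { get; }

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        // The action context is available here, unlike the request's route data values.
        string actionName = context.ActionContext.ActionDescriptor.ActionName;
        string controllerName = context.ActionContext.ControllerContext.ControllerDescriptor.ControllerName;
        return Task.FromResult(0);
    }

    // Required by IAuthenticationFilter; this filter adds no challenge.
    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken) => Task.FromResult(0);
}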
Dan Hastings
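One way to run the per-endpoint permission check and end the request from inside the filter, as an added example (not code from the post or its author). The permission table, the `permission` claim type and the `Orders` names are hypothetical, and it assumes the auth-header validation has already set `context.Principal`.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Filters;
using System.Web.Http.Results;

public class PermissionAuthenticationFilter : IAuthenticationFilter
{
    // Hypothetical permission table: "Controller.Action" -> required permission.
    private static readonly Dictionary<string, string> Required =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "Orders.Get", "orders:read" },
            { "Orders.Post", "orders:write" },
        };

    public bool AllowMultiple => false;

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        string action = context.ActionContext.ActionDescriptor.ActionName;
        string controller = context.ActionContext.ControllerContext.ControllerDescriptor.ControllerName;

        // Assumption: the auth-header validation has already set context.Principal.
        var user = context.Principal as ClaimsPrincipal;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            // No valid identity: setting ErrorResult stops the action from running.
            context.ErrorResult = new StatusCodeResult(HttpStatusCode.Unauthorized, context.Request);
            return Task.FromResult(0);
        }

        string needed;
        // Deny by default: an endpoint missing from the table is refused, not allowed.
        if (!Required.TryGetValue(controller + "." + action, out needed)
            || !user.HasClaim("permission", needed))
        {
            context.ErrorResult = new StatusCodeResult(HttpStatusCode.Forbidden, context.Request);
        }
        return Task.FromResult(0);
    }

    // Required by the interface; no WWW-Authenticate challenge is added in this example.
    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken) => Task.FromResult(0);
}
```

Comparing the lookup key case-insensitively and refusing unlisted endpoints means a newly added action is blocked until it is given a permission entry.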