3

I need to get values of my Post Parameters at the time of Authorization. Searchers on web but no solution is working. ActionArguments count always showing 0 and not able to find values in ActionDescriptor.GetParameters()

Here is my code:

POST model -

public class XyzModel
{
   public int Prop1 { get; set; }
   public string Prop2 { get; set; }
}

Custom Authorize Attribute -

public class CustomAuthorizeAttribute  : AuthorizeAttribute
{
   protected override bool IsAuthorized(HttpActionContext actionContext)
   {    
     bool conditions = // here I need to check value of my model (XyzModel) properties 
    if(conditions)
    {
       return true;
    }

      return false;
    }        
}

Code in controller -

[HttpPost]
[CustomAuthorizeAttribute]       
public IHttpActionResult MyAction(XyzModel model)
{
    // my work here
}

Any suggestion?

Improve this question

3 Answers 3

Reset to default
6

You can access model property of ActionArguments it will return XyzModel object. than you can perform any operation on its properties: 

XyzModel model = (XyzModel)actionContext.ActionArguments["model"];

In your code it will be like this:

public class CustomAuthorizeAttribute  : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var prop1 = HttpContext.Current.Request.Params["Prop1"];
        var prop2 = HttpContext.Current.Request.Params["Prop2"];
        bool conditions = // add conditions based on above properties
        if(conditions)
        {
            return true;
        }

        return false;
    }        
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks for reply . but as I mentioned in my question ActionArguments count are showing 0.
ohh okay i did not noticed that. Thanks.
If ActionArguments count is 0 than posted data's properties can be access as this: HttpContext.Current.Request.Params["Prop1"]; HttpContext.Current.Request.Params["Prop2"]; I have updated my answer.
3

I believe, you will not get post parameter value in AuthorizeAttribute as AuthorizeAttribute methods are called before action's parameter binding.

For your scenario, you can use ActionFilterAttribute which executes only after action's parameter binding. You can create your custom filter attribute by using ActionFilterAttribute 

using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class CheckMyPostDataFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        XyzModel model = (XyzModel )actionContext.ActionArguments["model"]; // you will get data here 

        base.OnActionExecuting(actionContext);
    }
}

You can simply decorate above CheckMyPostDataFilter filter in your action :

[HttpPost]
[CheckMyPostData]       
public IHttpActionResult MyAction(XyzModel model)
{
    // my work here
}
Improve this answer

6 Comments

As far as i know OnActionExecuting does not take HttpActionContext as parameter. Actually it takes ActionExecutingContext as parameter.
HttpActionContext also worked using System.Web.Http.Filters .. ActionExecutingContext uses System.Web.Mvc.Filters ..
Sorry! my mistake. System.Web.Http.Filters.ActionFilterAttribute for web-api method OnActionExecuting takes HttpActionContext parameter.
while System.Web.Mvc.ActionFilterAttribute method OnActionExecuting takes ActionExecutingContext parameter.
and changing to ActionExecutingContext using System.Web.Mvc.Filters not working for me . .only HttpActionContext is working
|
1

You can use Request Body Input Stream to read the entire Body content as below

public sealed class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var req = HttpContext.Current.Request.InputStream;
        string body = new StreamReader(req).ReadToEnd();
    }
}
Improve this answer

2 Comments

This works for me, the rest of them state to use HttpContext.Current.Request.Params, however, there I could not find any of my parameters.
You can only read from InputStream once. If you do it in the attribute then the model binder will not be able to read the body to map to action method.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.