How to get Request Querystring values?

Question

My api client code sends an authentication token in the querystring like:

www.example.com/api/user/get/123?auth_token=ABC123

I'm using Mvc Web api controller, and I have a filter that checks if the auth_token is valid or not, but I'm not sure how to access the request querystring values.

This is what I am doing now but it is obviously wrong:

The below snippet is inside of my filter that inherits from:

ActionFilterAttribute

public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
       base.OnActionExecuting(actionContext);

       if (actionContext.Request.Properties.ContainsKey("auth_token") &&
          actionContext.Request.Properties["auth_token"].ToString() == "ABC123")
       {
         ...
       }
}

Answer 1

Use the GetQueryNameValuePairs extension method, like so:

var queryString = actionContext.Request.GetQueryNameValuePairs().ToDictionary(x => x.Key, x => x.Value);

EDIT To avoid duplicate keys, consider doing a ToLookup:

var queryString = actionContext.Request.GetQueryNameValuePairs().ToLookup(x => x.Key, x => x.Value);

Here's a blog post on Lookups: https://www.c-sharpcorner.com/UploadFile/vendettamit/using-lookup-for-duplicate-key-value-pairs-dictionary/

Answer 2

In the OnActionExecuting method of a filter, you can access the query string and parse it like this to get the token.

var queryString = actionContext.Request.RequestUri.Query;
if(!String.IsNullOrWhiteSpace(queryString))
{
    string token = HttpUtility.ParseQueryString(
                         queryString.Substring(1))["auth_token"];
}

But then, is passing a token in query string a good practice? Probably not, but it is up to you. HTTP header could be a better option since query string can get logged and cached.