Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to know which controller method will be called from Web API Authorization filter

I have a custom AuthorizationFilter class to handle authorization to my API. Now, I need to enhance it by adding some attributes to methods which will be read only in some situations.

I can get the controller from actionContext.ControllerContext but:

How can I know which Controller method will be called from the IsAuthorized method of my custom AuthorizeAttribute class? So I can get it's attributes with reflection.

Edit: Adding more info-

If I get a call like localhost/api/myapi/?id=4 I want to get the real name of the method that will be executed in the controller like GetById(int id).

That way I could check if the method has any custom attributes I need added to it.

like image 828
Mg. Avatar asked Sep 12 '14 18:09

Mg.


People also ask

Which is the controller method to override authorization filters?

To handle this scenario, we have the option to apply the attribute named OverrideAuthorization on the Contact method in the Home controller. Apply this on the method, as below. That's it.

How do I find my controller name on Web API?

Look in the route dictionary for the key "controller". Take the value for this key and append the string "Controller" to get the controller type name. Look for a Web API controller with this type name.

How does Web API authorize filter work?

Web API provides a built-in authorization filter, AuthorizeAttribute. This filter checks whether the user is authenticated. If not, it returns HTTP status code 401 (Unauthorized), without invoking the action. You can apply the filter globally, at the controller level, or at the level of individual actions.

Which class should a controller in Web API derived from?

The name of a controller class must end with "Controller" and it must be derived from System. Web. Http. ApiController class.

How do I authorize a controller in web API 2?

Authorization should be done by an authorization filter or inside the controller action. Here is the flow in the Web API 2 pipeline: Before invoking an action, Web API creates a list of the authentication filters for that action. This includes filters with action scope, controller scope, and global scope.

What are authorization filters in web API?

The Authorization filters run before the controller action. If the request is not authorized, the filter returns an error response, and the action is not invoked. Web API provides a built-in authorization filter, Authorize Attribute. This filter checks whether the user is authenticated.

How to name action methods in the web API controller?

As mentioned above, name of the action methods in the Web API controller plays an important role. Action method name can be the same as HTTP verbs like Get, Post, Put, Patch or Delete as shown in the Web API Controller example above.

What is the difference between authorization and authentication in web API?

Authentication proves the identity of the client. Authorization determines whether the client can access a particular resource. In Web API, authentication filters handle authentication, but not authorization. Authorization should be done by an authorization filter or inside the controller action. Here is the flow in the Web API 2 pipeline:


1 Answers

I used these to get all the descriptors and arguments within an ActionFilterAttribute

actionContext.ActionArguments["selectorString"] actionContext.ActionDescriptor.ControllerDescriptor.ControllerName actionContext.ActionDescriptor.ActionName

like image 69
Toby Simmerling Avatar answered Oct 13 '22 00:10

Toby Simmerling