Is it possible to set an instance variable or pass data to a controller from a custom authorize attribute?

Question

I have an authorize attribute that extends System.Web.Http.AuthorizeAttribute and overrides the onAuthorization method. It queries the DB with a token that comes from the request to see if the session is valid. From that, it knows the associated userId. I would like to somehow make the userId available to the controller of the action being called. Somehow setting an instance variable would be ideal because I want to unit test the controller. Perhaps that is not possible or there is a better way to go about doing it. Please let me know. I am using ApiController.

Thanks

You are not supposed to have any kind of session controls since REST is stateless by design. Anyhoo... this might help: http://stackoverflow.com/questions/19505526/asp-net-owin-identity-how-to-get-userid-from-a-web-api-controller — Henrique Miranda, Nov 13 '13 at 19:18

score 0 · Accepted Answer · answered Nov 14 '13 at 15:09

Not sure if this is the appropriate way to handle this situation, but to answer my question, one can use actionContext.ControllerContext.Controller. From there I can call a setter or set a public instance variable Please let me know if this a bad approach. Regarding sessions with REST, I am not too concerned with having a pure REST implementation.

Is it possible to set an instance variable or pass data to a controller from a custom authorize attribute?

1 Answers1