Authenticate WEB API request with action params

Question

I am interested how to do a MVC WEB API autorization. I have checked basic authentication , but I have a different scenario. In my case login params are expected as an action parameter and not inside header.

namespace Test.Controllers
{
    public class TestController : Controller
    {
       [RequireHttps]
       [Authorize]
        public void TestRequest(int actionParam, string username, string token, int appID)
        {
              something.......
        }
    }
}

I have also found this explanation http://www.codeproject.com/Tips/867071/WebAPI-Security-Custom-Authorization-Filters but would like to know is it possible to access action parameters instead of header value from Authorize?

score 3 · Accepted Answer · edited May 23 '17 at 12:14

Simply get the query string parameters in your OnAuthorization override either from the HttpActionContext or from HttpContext.Current.Request:

see: How to get Request Querystring values?

public override void OnAuthorization(HttpActionContext actionContext)
{
    var queryString = HttpUtility.ParseQueryString(actionContext.Request.RequestUri.Query.Substring( 1 ));
    var username = queryString["username"];
}

or see: Accessing QueryString in a custom AuthorizeAttribute

Add using System.Web; then:

public override void OnAuthorization(HttpActionContext actionContext)
{
    var username = HttpContext.Current.Request.QueryString["username"];
}

Authenticate WEB API request with action params

1 Answers1