2

I am accessing the POST request in the application_beginrequest method of the global.asax file in WebAPI. And once I get the UserID there from the request, I then tried to get the same request again from the HttpActionContext method and tried to customauthorize the user but once I get the data in global.asax file, the parameters are no more available in the CustomAuthorization class. Not sure if why this is happening and if this is the intented behaviour. could somebody please explain what is happening. Please find my code below.

Global.asax

    protected void Application_BeginRequest(Object source, EventArgs e)
    {
        var userID = GetUserID(HttpContext.Current);
        try
        {
         CustomAuthorizeAttribute customObj= new CustomAuthorizeAttribute();

            if (!customObj.AuthorizeRequest(userID))
            {
                throw new Exception();
            }
        }
        catch (Exception ex)
        {
            throw ex;
        }
    }

 private string GetUserID(HttpContext context)
    {
        string UserID = string.Empty;

        using (var stream= new StreamReader(context.Request.InputStream))
        {
            string inputData = stream.ReadToEnd();
           //code to parse the data and get the userID value.                         
        }
        return userID;
    }

CustomAuthorizeAttribute.cs

 public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
       userID = GetUser(actionContext);

            if (CustomAuthorize(userID))
            {
                return;
            }                         
    }

 private string GetUser(System.Web.Http.Controllers.HttpActionContext actionContext)
    {            
       var username = string.Empty;            
        var request = actionContext.Request.Content.ReadAsStringAsync().Result;
        if ((request != null) && (request != string.Empty))
        {
            JObject Obj = JObject.Parse(request);
            if (Obj != null)
                username = (string)Obj ["userID"];                
        }
        return username;
    }
NewTech
  • 316
  • 5
  • 23

1 Answers1

3

I found the answer in one of the posts. The stream as such can be read only once and hence, I copied it into Memory Stream. 

 using (var stream = new MemoryStream())
        {
            context.Request.InputStream.Seek(0, SeekOrigin.Begin);
            context.Request.InputStream.CopyTo(stream);
            string requestBody = Encoding.UTF8.GetString(stream.ToArray());
            if(requestBody!=string.Empty)
            {
                JObject inputReqObj = JObject.Parse(requestBody);
                UserID = (string)inputReqObj["eUserID"];
            }
        }

Now, I can still read from my customAuthorize class as given above in the question. the only change I had to make was in the global.asax file. Found this answer in the following post, tweaked it a little to suit my requirement. How to get hold of Content that is already read

Community
  • 1
  • 1
NewTech
  • 316
  • 5
  • 23
  • Man, I've been beating my head against the wall for nearly 24 hours straight, and I'd nearly given up hope. And here you are with *exactly* the right answer, using just four lines of code (not counting the "if" statement, which I don't need). And not a single vote, not a single comment, not a single answer that isn't your own. At least not until just now. I feel like I just found priceless treasure long buried at the bottom of the sea. :) Thank you so very much! I cannot BELIEVE that this hasn't gotten more attention. I'll try to spread this post around to the other troubled souls. :) – Enrika Oct 17 '18 at 21:22