Cannot read raw data as actionContext.Request.Content always empty in Action attribute in Web API

Question

I need to read the content sent via a post/put to my Web API via an attribute to perform some additional validation but the content value is always empty even thought I can see the context-size is set a value i.e. 2067 and the content-type is set to application/json

I've tried different things but none seem to work:

• ReadAsync
• ReadAsByteArrayAsync
• ReadAsStringAsync
• etc...

My last attempt looks as follows:

public async override void OnActionExecuting(HttpActionContext actionContext)
{
    using (MemoryStream ms = new MemoryStream())
    {
        await actionContext.Request.Content.CopyToAsync(ms)
                           .ConfigureAwait(false);
        var str = System.Text.UTF8Encoding.
                  UTF8.GetString(ms.GetBuffer(), 0, (int)ms.Length);
    }
}

The reason I tried to use the CopyTo is that I noticed that when I called some of the above functions, that even though they returned an empty string, I could make that call once is after some googling, I believe this is by design.

Bottom line is that I need to access the body/content of my request so that I can inspect the json that was sent.

Thanks.

Answer 1

The problem here is that the middleware that executes the controller action reads the request body and thus consumes it in the process, taking away the opportunity for any subsequent middleware to access it. This is why you're getting an empty string back when attempting to parse the stream as you're effectively reading a stream with a length of zero.

It seems like the Action Filter middleware is run after the controller middleware, which is already too late in the course of the pipeline. A solution would be to setup a custom middleware that executes before the controller middleware, and parse the request body stream only if the current action endpoint is annotated with the given attribute.

The solution provided here is written for ASP.NET Core 3.0, so you might have to do some adjustments to make it work in your specific project.

In Startup.cs:

public void Configure(IApplicationBuilder app)
{
   app.UseRouting();   // Routes middleware


   // Request body-reading middleware must be put after UseRouting()

   app.Use(async (ctx, next) =>
   {
      var endpoint = ctx.GetEndpoint();

      if (endpoint != null)
      {
         var attribute = endpoint.Metadata.GetMetadata<ThierryAttribute>();

         if (attribute != null)
         {
            ctx.Request.EnableBuffering();

            using (var sr = new StreamReader(ctx.Request.Body, Encoding.UTF8, false, 1024, true))
            {
               var str = await sr.ReadToEndAsync();   // Store request body JSON string
            }

            ctx.Request.Body.Position = 0;
         }
      }

      await next();
   });

   app.UseEndpoints(erb => erb.MapControllers());   // Controller middleware
}

And make your attribute into an empty marker attribute:

[AttributeUsage(AttributeTargets.Method)]
public class ThierryAttribute : Attribute { }