passing action method parameter to ActionFilterAttribute in asp.net mvc

Asked 20/3, 2013 at 17:36 Answered 11/7 at 6:41

Solved asp.net-mvc asp.net-mvc-3 asp.net-mvc-2

I know that I can use the filterContext to get to it. However, this is not very flexible if the action method parameter is named differently. This should work:

[HttpGet]
[NewAuthoriseAttribute(SomeId = id)]
public ActionResult Index(int id)
{
    ...

public class NewActionFilterAttribute : ActionFilterAttribute
{   
    public int SomeId { get; set; }
    ...

but it does not (it does not even compile). Any ideas?

Mme answered 20/3, 2013 at 17:36 Comment(4)

Attributes are metadata and as such can only have constant values. – Talkington 20/3, 2013 at 17:37

I think I came across this whilst googleing. I guess I could pass the name of the integer down to the attribute and then look for it in the filtercontext. what do you think? – Mme 20/3, 2013 at 17:40

Are you planning to base some of the authorization on a value sent to the application? Doesn't this give the user a chance to effect the authorization outcome? – Talkington 20/3, 2013 at 17:46

No sorry - my actionfiltername was misleading. i have changed that. – Mme 20/3, 2013 at 18:0

Building on the answer from @Pankaj and comments from @csetzkorn:

You pass the name of the parameter as a string then check the filterContext

public class NewAuthoriseAttribute : ActionFilterAttribute
{
    public string IdParamName { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.ActionParameters.ContainsKey(IdParamName))
        {
            var id = filterContext.ActionParameters[IdParamName] as Int32?;
        }
    }
}

[NewAuthorizeAttribute(IdParamName = "fooId")]
public ActionResult Index(int fooId)
{ ... }

Yourself answered 20/3, 2013 at 18:18 Comment(2)

What about if I want to pass the model state to this action filter? – Ambassador 22/5, 2018 at 12:36

the "ContainsKey" method can throw an ArgumentNullException in case you decide to omit the "IdParamName" parameter. Be sure you check that: if (IdParamName != null && filterContext.ActionParameters.ContainsKey(IdParamName)) – Applause 19/4, 2021 at 19:1

Edit

I am assuming that you are looking to make the Alias of Parameter name. This is giving you the flexibility to have multiple Alias of your paramater Name.

enter image description here

ActionParameterAlias.ParameterAlias Overloads

enter image description here

If so, you can give alias like below.

[ParameterAlias("Original_Parameter_Name", 
                 "New_Parameter_Name")]
[ParameterAlias("Original_Parameter_Name", 
                 "New_Parameter_Name1")]
[ParameterAlias("Original_Parameter_Name", 
                 "New_Parameter_Name2")]
[ParameterAlias("Original_Parameter_Name", 
                 "New_Parameter_Name3")]

public ActionResult ActionMethod(Model ParameterValue) { return View(ParameterValue); }

Original Post

Try this one.

Attribute

public class NewAuthoriseAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.ActionParameters.ContainsKey("id"))
        {
            var id = filterContext.ActionParameters["id"] as Int32?;
        }
    }
}

Action Method

Make sure to set the Parameter type nullable to avoid RunTime Crash.

[NewAuthoriseAttribute]
public ActionResult Index(Int32? id)
{
}

Embonpoint answered 20/3, 2013 at 17:54 Comment(2)

as I said - that's not an option and I am aware of this. The reason why I do not want to use this approach is that id can also be called a, b, c etc. – Mme 20/3, 2013 at 17:58

Then add the name of the ActionParameters key to the constructor of the attribute. – Flashback 20/3, 2013 at 18:0

In the new versions, you only need to define a property inside the class and set the value above the methods.

public enum Roles
{
    Admin = 1,
    User
}

public class CustomAuthorizationAttribute : ActionFilterAttribute

{
    public Roles Role { get; set; }

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        if (Role == Roles.Admin)
        {
            throw new UnauthorizedException(HttpStatusCode.Unauthorized, "AccessDenied", ResponseMessage.InvalidToken);
        }

        base.OnActionExecuting(context);
    }
}

  [CustomAuthorization(Role = Roles.Admin)]
    public IActionResult OnlyAdmin()
    {
        return Content("Hi Admin");
    }

Kaspar answered 11/7 at 6:41 Comment(0)

Original Post

Recommended topics

Hot tags