Home/ Questions/Q 8580343
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T20:48:32+00:00

I created an ActionFilterAttribute for my web api in order to authorize people. Getting

  • 0

I created an ActionFilterAttribute for my web api in order to authorize people. Getting accessToken by RequestUri is okay, however i want to send it in form data. While reading Request.Content in onActionExecuting method of ActionFilterAttribute, server always has an empty result. How can i solve this problem? The code is as like as below:

    public class RequireAuthorization : ActionFilterAttribute
{

    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        actionContext.Request.Content.ReadAsStringAsync().ContinueWith((t) =>
        {
            try
            {
                //query will result in empty string
                string query = t.Result;

                string UserID = HttpUtility.ParseQueryString(query).Get("UserID");
                string accessToken = HttpUtility.ParseQueryString(query).Get("AccessToken");

                UserRepository repository = new UserRepository();
                repository.IsTokenValid(Convert.ToInt32(UserID), accessToken);
            }
            catch (Exception ex)
            {
                var response = new HttpResponseMessage
                {
                    Content =
                        new StringContent("This token is not valid, please refresh token or obtain valid token!"),
                    StatusCode = HttpStatusCode.Unauthorized
                };

                throw new HttpResponseException(response);
            }
        });


        base.OnActionExecuting(actionContext);
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s is because the HttpContent has been read by the formatter before ActionFilter. Web API only allows reading content once. So you are unable to read it again.

    Here is a possible solution to you. First, make your action parameter as FormDataCollection: 

        [RequireAuthorization]
    public HttpResponseMessage PostTodo(FormDataCollection formData)
    {
        Todo todo = formData.ReadAs<Todo>();
        // ...

    Then, get it in ActionFilter by code:

        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        var formData = actionContext.ActionArguments["formData"] as FormDataCollection;
        if (formData != null)
        {
            var userID = formData.Get("UserID");
            var accessToken = formData.Get("AccessToken");
            // authorize
        }

        base.OnActionExecuting(actionContext);
    }
    • 0