Home/ Questions/Q 273811
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T00:30:51+00:00

I’m trying to write a unit test that will loop through all action methods

  • 0

I’m trying to write a unit test that will loop through all action methods on my controller classes looking for action methods that don’t have some security-related attribute on them (e.g. [Authorize]).

How does the ASP.NET routing engine determine which methods are action methods? Obviously the action methods have to be public, but methods like ToString() are not action methods, so there is some logic to this.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I stopped being lazy and I found the answer, most of which was in System.Web.Mvc.ActionMethodSelector.PopulateLookupTables() (thanks Reflector!)

        private IEnumerable<MethodInfo> GetActionMethods(Type controllerType)
    {
        return Array.FindAll(controllerType.GetMethods(BindingFlags.InvokeMethod | BindingFlags.Public | BindingFlags.Instance), IsValidActionMethod);
    }

    private static bool IsValidActionMethod(MethodInfo methodInfo)
    {
        return (!methodInfo.IsSpecialName && !methodInfo.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller)) && 
            !methodInfo.GetCustomAttributes(typeof(NonActionAttribute), true).Any());
    }

    I was surprised to see all of the public methods on my base controller classes that were exposed with no security on them!

    • 0