13

My api client code sends an authentication token in the querystring like:

www.example.com/api/user/get/123?auth_token=ABC123

I'm using Mvc Web api controller, and I have a filter that checks if the auth_token is valid or not, but I'm not sure how to access the request querystring values.

This is what I am doing now but it is obviously wrong:

The below snippet is inside of my filter that inherits from:

ActionFilterAttribute

public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
       base.OnActionExecuting(actionContext);

       if (actionContext.Request.Properties.ContainsKey("auth_token") &&
          actionContext.Request.Properties["auth_token"].ToString() == "ABC123")
       {
         ...
       }
}
Improve this question
2
  • stackoverflow.com/questions/12101508/… Commented Sep 24, 2013 at 14:04
  • @muski but I want to do this in a filter, not at the action level. Commented Sep 24, 2013 at 14:16

3 Answers 3

Reset to default
31

Use the GetQueryNameValuePairs extension method, like so:

var queryString = actionContext.Request.GetQueryNameValuePairs().ToDictionary(x => x.Key, x => x.Value);

EDIT To avoid duplicate keys, consider doing a ToLookup:

var queryString = actionContext.Request.GetQueryNameValuePairs().ToLookup(x => x.Key, x => x.Value);

Here's a blog post on Lookups: https://www.c-sharpcorner.com/UploadFile/vendettamit/using-lookup-for-duplicate-key-value-pairs-dictionary/

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Butt beware: ToDictionary will throw an exception when two parameters with the same key are passed - for instance - defining an array.
You're right. Better would be to project the name/value pairs using ToLookup.
I like this GetQueryNameValuePairs(); here's another approach, using LastOrDefault(...) stackoverflow.com/a/22432384/1175496
10

In the OnActionExecuting method of a filter, you can access the query string and parse it like this to get the token.

var queryString = actionContext.Request.RequestUri.Query;
if(!String.IsNullOrWhiteSpace(queryString))
{
    string token = HttpUtility.ParseQueryString(
                         queryString.Substring(1))["auth_token"];
}

But then, is passing a token in query string a good practice? Probably not, but it is up to you. HTTP header could be a better option since query string can get logged and cached.

Improve this answer

Comments

0

Another way to do it, similar to Badri's:

string qsValue = string.Empty;
if (Request.QueryString.HasValue)
{
   NameValueCollection queryStringNameValues = HttpUtility.ParseQueryString(Request.QueryString.Value);
   qsValue = queryStringNameValues.Get("auth_token");
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.