Route to controller based on query string

Question

Problem: We are upgrading from a legacy system, so solutions are constrained. I am trying to route to an unauthorized controller if a specific query string is present. If it is not present, the user is routed to the authorized controller. This is on ASP.Net Core 2.1.

Is it possible to set the controller to route based on query string? I've tried

[/home/[action]?query={query}] -> Leads to runtime error due to '?'

[/home/[action]/{query}] - > maps to /home/index/1 (not what I need)

Thanks for any help!

Edit: Alternatively, is it possible to have a separate controller Action that depends on the query parameter?

public IActionResult Index(){}

public IActionResult Index([FromQuery]string query){}

Routing doesn't seem to distinguish between these two.

Answer 1

You can use IActionConstraint and IParameterModelConvention interfaces for that. In short, create an IActionConstraint like this:

public class RequiredFromQueryActionConstraint : IActionConstraint
{
    private readonly string _parameter;

    public RequiredFromQueryActionConstraint(string parameter)
    {
        _parameter = parameter;
    }

    public int Order => 999;

    public bool Accept(ActionConstraintContext context)
    {
        if (!context.RouteContext.HttpContext.Request.Query.ContainsKey(_parameter))
        {
            return false;
        }

        return true;
    }
}

If a matching parameter is not found on the request's query string, then it will return false from the Accept method.

Than create RequiredFromQueryAttribute class like this:

public class RequiredFromQueryAttribute : FromQueryAttribute, IParameterModelConvention
{
    public void Apply(ParameterModel parameter)
    {
        if (parameter.Action.Selectors != null && parameter.Action.Selectors.Any())
        {
            parameter.Action.Selectors.Last().ActionConstraints.Add(new RequiredFromQueryActionConstraint(parameter.BindingInfo?.BinderModelName ?? parameter.ParameterName));
        }
    }
}

Than you could decorate your mandatory query string parameters with this attribute:

[Route("api/[controller]")]
public class ValuesController : Controller
{
    [HttpGet("{id}")]
    public string Get(int id, [RequiredFromQuery]string foo, [RequiredFromQuery]string bar)
    {
        return id + " " + foo + " " + bar;
    }
}

From now than, only the following URL GET api/values/5?foo=a&bar=b would lead into the action above, all other combinations of parameters would result in response with status 404, which you can eventually replace with what you want.

You can find more info at this link https://www.strathweb.com/2016/09/required-query-string-parameters-in-asp-net-core-mvc/