Add properties to request during RequestFilter execution

We have a number of endpoints where a check on authorisation is required so are looking at creating a RequestFilter for this purpose. To minimise database access; we’d like the authorisation check to access the database and determine authorisation and then add the authorising object to the request so it does not need to be re-retrieved in the service itself.

Is there a way to add properties to the request in the RequestFilter or should we be adding the property to the request DTO, perhaps marked as internal to hide it from the clients.

edit: grammar

You can use the IRequest.Items dictionary to attach per request data that can be accessed throughout the request that has access to the IRequest context.

OK, got it, thanks.

Is it bad practice for POCOs to have internal properties?

Yeah, POCOs shouldn’t have behavior or potential source of coupling. FYI you can also access the Request DTO with IRequest.Dto so you only need to pass IRequest to get access to both.

1 Like