Add properties to request during RequestFilter execution

Drammy · June 24, 2022, 11:00am

We have a number of endpoints where a check on authorisation is required so are looking at creating a RequestFilter for this purpose. To minimise database access; we’d like the authorisation check to access the database and determine authorisation and then add the authorising object to the request so it does not need to be re-retrieved in the service itself.

Is there a way to add properties to the request in the RequestFilter or should we be adding the property to the request DTO, perhaps marked as internal to hide it from the clients.

edit: grammar

mythz · June 24, 2022, 12:26pm

You can use the IRequest.Items dictionary to attach per request data that can be accessed throughout the request that has access to the IRequest context.

Drammy · June 24, 2022, 12:28pm

OK, got it, thanks.

Is it bad practice for POCOs to have internal properties?

mythz · June 24, 2022, 12:42pm

Yeah, POCOs shouldn’t have behavior or potential source of coupling. FYI you can also access the Request DTO with IRequest.Dto so you only need to pass IRequest to get access to both.