struggling with an ASP.NET MVC5 routing issue

1
votes

So, I have an MVC5 site that uses the default routing template {controller}/{action}/{id} and this works fine. Most everything in the site requires a login (i.e. [Authorize] attribute is used almost everywhere), and this works fine.

Well, now I have a need to allow anonymous access to select pages when a certain kind of link pattern is used: App/{token}/{action}. The {token} is a random string associated with something in my database. I can issue and deactivate these tokens at will.

I got this new App/{token}/{action} routing working by implementing a custom RouteBase that parses the incoming URL for these tokens, and, crucially, adds the the token value to the RouteData.DataTokens so that my App controller can make use of it without needing an explicit action argument for it. So, I added this new route to the route table ahead of the default routing like this:

// new route here
routes.Add("AppToken", new AnonAppAccessRoute());           

routes.MapRoute(
    name: "Default",
    url: "{controller}/{action}/{id}",
    defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);

Here is the problem/question: adding this now route has now made my default route stop working -- everything is now going through AnonAppAccessRoute which of course is meant to work only for a few things. I don't understand how to make my AnonAppAccessRoute apply only to URLs with a certain pattern. The MapRoute method accepts a URL pattern, but Adding a route doesn't seem to let you put a filter on it. What am I missing? I've looked around quite a bit at various blogs and documentation about routing, but I've not found good info about using the DataTokens collection (which I feel is important to my approach), and I'm not seeing a good explanation of the difference between Adding a route explicitly vs calling MapRoute.

Here's the code of my custom RouteBase:

public class AnonAppAccessRoute : RouteBase
{
    public override RouteData GetRouteData(HttpContextBase httpContext)
    {
        RouteData result = null;

        string[] pathElements = httpContext.Request.Path.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        if (pathElements.Length > 0)
        {
            string token = TryGetArrayElement(pathElements, 1);
            if (!string.IsNullOrEmpty(token))
            {
                result = new RouteData(this, new MvcRouteHandler());
                result.DataTokens.Add("appToken", token);
                result.Values.Add("controller", "App");
                result.Values.Add("action", TryGetArrayElement(pathElements, 2, "Index"));
            }
        }

        return result;
    }

    private string TryGetArrayElement(string[] array, int index, string defaultValue = null)
    {
        try
        {
            return array[index];
        }
        catch
        {
            return defaultValue;
        }
    }

    public override VirtualPathData GetVirtualPath(RequestContext requestContext, RouteValueDictionary values)
    {
        return null;
    }
}
1
asp.net-mvc-5

1 Answers

0
votes

I got this to work by dropping the custom RouteBase and instead used this MapRoute call like this:

routes.MapRoute(
    name: "AppAnon",
    url: "App/{token}/{action}",
    defaults: new { controller = "App", action = "Index" }
);

Then, in my App controller, I did this in the Initialize override:

protected AppToken _appToken = null;

protected override void Initialize(RequestContext requestContext)
{
    base.Initialize(requestContext);
    string token = requestContext.RouteData.Values["token"]?.ToString();
    _appToken = Db.FindWhere<AppToken>("[Token]=@token", new { token });
    if (!_appToken?.IsActive ?? false) throw new Exception("The token is not found or inactive.");
}

This way, my "token" is available to all controller actions via the _appToken variable, and already validated. I did not need to use RouteData.DataTokens. Note that my Db.FindWhere statement is ORM-specific and not really related to the question -- it's just how I look up a database record.