Rewrite the Route after UseRouting was called inside a middle-ware

[TwentyFourMinutes]

Just to clarify, every endpoint needs authorization in my ASP.Net Core 3.1 MVC website, except the SignIn method obviously. Inside a middle-ware I am writing I need to rewrite the route, since I do not want to re-execute the whole pipeline again and don't want to redirect the user to some /Error/404 view. Additionally I do need access to the ClaimsPrinciple inside the middle-ware.

Just note I am currently using Cookie Authentication.

---

There are two approaches I could think of, where the first one would look something like this:

public void Configure(IApplicationBuilder app)
{
    // omitted for brevity...

    app.UseCookiePolicy();

    app.UseRouting(); // After this I wasn't really able to change the route anymore. Which makes sense in some way.

    app.UseAuthentication(); // This determines the User e.g. the ClaimsPrinciple
    app.UseAuthorization();

    app.MyMiddleware(); // I want to rewrite the route right here.

    // omitted for brevity...
}

However, even with my best efforts I could't get it to change the selected Endpoint by UseRouting.
These are all the things I tried:

• Setting the HttpContext.Request.Path (Directly assigning it something like /Some/Path)
• Changing the Route with IRouteValuesFeature (Change the area, controller and action strings)
• Removing the found endpoint from IEndpointFeature (Assign it null)

Sadly none of these things worked, they either started to produce 404 or just executed the first-matched route by UseRouting.

---

The other method I could think of was moving the Authentication, Authorization and MyMiddleware
middle-wares above the UseRouting.

public void Configure(IApplicationBuilder app)
{
    // omitted for brevity...

    app.UseCookiePolicy();

    app.UseAuthentication(); // This determines the User e.g. the ClaimsPrinciple
    app.UseAuthorization();

    app.MyMiddleware(); // Now I can rewrite the route here

    app.UseRouting();

    // omitted for brevity...
}

Now I would be able to rewrite the route with setting the HttpContext.Request.Path, however as the doc explicitly quotes, you should put the auth stuff after the UseRouting.

Call UseAuthentication before any middleware that depends on users being authenticated. When using endpoint routing, the call to UseAuthentication must go:

• After UseRouting, so that route information is available for authentication decisions.
• Before UseEndpoints, so that users are authenticated before accessing the endpoints.

---

I would assume that overall to make this work the second idea would be more possible than the first one. So would there be any way to achieve any of those methods?

[javiercn]

@TwentyFourMinutes thanks for contacting us.

Can you describe what you are trying to accomplish so that we can provide guidance on how to best approach it?

It is not clear why you are trying to change the request path after routing has run and what you expect do accomplish in doing so.

[TwentyFourMinutes]

Sure thing, basically I want to implement a rate-limit system on a per user basis. I do want to show a View, which tells you that you have exceeded the limit, instead of the actual content. I don't want to redirect the user, which would also cause the url in the browser to change. Additionally the whole middle-ware pipeline would be executed again which IMO is somewhat useless.

[javiercn]

You can do it in a different way.

I would create a middleware that checks the limits and replaces the current endpoint with an endpoint you specially designated to produce an error message. You don't need to rewrite the URL for that.

For example, create an attribute that implements IFilterMetadata, [RateLimitErrorUI] and put it on the page/action. On your middleware, inject the EndpointDataSource and search for the endpoint that contains that metadata. When you detect a user that surpases the rate limit, call context.SetEndpoint(e) to execute the error page instead of the original endpoint.

[TwentyFourMinutes]

I actually got so far to get the correct endpoint, also the action in the controller gets called, however this will throw me a System.ArgumentException: 'Value cannot be null or empty' with the following StackTrace:

at Microsoft.AspNetCore.Mvc.ViewEngines.CompositeViewEngine.GetView(String executingFilePath, String viewPath, Boolean isMainPage)
at Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor.FindView(ActionContext actionContext, ViewResult viewResult)
at Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor.d__7.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.ViewResult.d__26.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<g__Awaited|29_0>d`2.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeResultFilters()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<g__Awaited|24_0>d.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<g__Awaited|17_0>d.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<g__AwaitRequestTask|6_0>d.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

And this is the line of code it throws on.

Also I can confirm that the View can be found, when I manually enter the route to the endpoint/action. Additionally I might note that this was tested on the .NET 5.0 preview.

It seems to me that the .cshtml is chosen by the values inside the IRouteValuesFeature.RouteValues. If I change those values to something by hand, it will call the correct action, but return the View found at the route I have set in the IRouteValuesFeature.RouteValues.