How to get params from AuthorizationHandler .NET Core

In your handler you can do the following

var mvcContext = context.Resource as 
    Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;

if (mvcContext != null)
{
    // Examine MVC specific things like routing data.
}

If you want parameter values then the authorize attribute pieces run before binding has taking place. Instead you would move to an imperative call, inside your controller. This is basically resource based authorization, your parameter is a resource.

You would inject the authorization service into your controller;

public class DocumentController : Controller
{
    IAuthorizationService _authorizationService;

    public DocumentController(IAuthorizationService authorizationService)
    {
        _authorizationService = authorizationService;
    }
}

Then write your handler slightly differently;

public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
    public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                MyRequirement requirement,
                                                Document resource)
    {
        // Validate the requirement against the resource and identity.

        return Task.CompletedTask;
    }
}

You can see this handler takes a document, this can be whatever you like, be it an integer for an ID, or some type of view model.

Then you have access to it inside your HandleRequirementAsync() method.

Finally, you'd call it from within your controller, once binding has taken place;

if (await authorizationService.AuthorizeAsync(
    User, 
    document,     
    yourRequirement))
{
}

In ASP.NET Core 3.0 with endpoint routing enabled, you can get a route parameter value like this:

public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public MyRequirementHandler(IHttpContextAccessor httpContextAccessor)
    {
       _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
    }

    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        var routeData = _httpContextAccessor.HttpContext.GetRouteData();

        var areaName = routeData?.Values["area"]?.ToString();
        var area = string.IsNullOrWhiteSpace(areaName) ? string.Empty : areaName;

        var controllerName = routeData?.Values["controller"]?.ToString();
        var controller = string.IsNullOrWhiteSpace(controllerName) ? string.Empty : controllerName;

        var actionName = routeData?.Values["action"]?.ToString();
        var action = string.IsNullOrWhiteSpace(actionName) ? string.Empty : actionName;

        //...
    }
}

In ASP.NET Core 2.2, you can get a route parameter value like this:

public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        var authContext = (AuthorizationFilterContext)context.Resource;
        var routeValueOfX = authContext.HttpContext.GetRouteValue("X");
        .
        .
        .
    }
}

For future reference, starting .NET Core 5.0, the HttpContext is now passed instead, so you can do:

if (context.Resource is HttpContext httpContext)
{
   var value = httpContext.GetRouteValue("key");
}