2021-10-22 09:46:42 +08:00
---
title: "ASP0005: Do not place attribute on method called by route handler lambda"
description: "Learn about analysis rule ASP0005: Do not place attribute on method called by route handler lambda"
2022-09-28 07:52:40 +08:00
author: safia
2021-10-22 09:46:42 +08:00
monikerRange: '>= aspnetcore-6.0'
ms.author: riande
ms.date: 10/21/2021
2021-10-22 12:24:27 +08:00
uid: diagnostics/asp0005
2021-10-22 09:46:42 +08:00
---
# ASP0005: Do not place attribute on method called by route handler lambda
| | Value |
|-|-|
| **Rule ID** |ASP0005|
| **Category** |Usage|
| **Fix is breaking or non-breaking** |Non-breaking|
## Cause
2021-10-25 20:55:23 +08:00
An attribute was applied to a method definition instead of the route handler in a route handler endpoint.
2021-10-22 09:46:42 +08:00
## Rule description
2021-10-25 20:55:23 +08:00
When an endpoint is declared, attributes should be applied to the delegate parameter in order to be effective. For example, the [Authorize ](xref:Microsoft.AspNetCore.Authorization.AuthorizeAttribute ) attribute in the following code sample isn't set on the registered endpoint:
2021-10-22 09:46:42 +08:00
```csharp
app.MapGet("/todos/{id}", GetTodoById);
[Authorize]
Todo GetTodoById(int id)
{
...
}
```
The attribute must be placed on the route handler parameter as shown in the following code:
```csharp
app.MapGet("/todos/{id}", [Authorize] GetTodoById);
Todo GetTodoById(int id)
{
...
}
```
## How to fix violations
2021-10-25 20:55:23 +08:00
To fix a violation of this rule, make sure that endpoint attributes are applied to the route handler parameter:
2021-10-22 09:46:42 +08:00
```csharp
app.MapGet("/todos/{id}", [Authorize] (int id) => {});
app.MapGet("/users/{id}", [Authorize] GetUserById);
```
## When to suppress warnings
Do not suppress a warning from this rule. Misplaced attributes can result in unexpected behavior at runtime.
