解决asp网络核心mvc中的路由段

I would like to do security validation in a custom attribute. A good example is if the user makes a GET request to retrieve an entity with a given id, I would like to intercept that request in the attribute, hand it off to an action filter, and then determine if the user has access to it. My only problem is how to retrieve the entity id. I can't pass it in the attribute declaration, because that gets initialized once instead of every request. Instead, I would like to give my custom attribute a url pattern like you would give HttpGet or HttpPost and have it resolve against the context's url parameters to result in an entity id.I would like to do security validation in a cus