If my action has a path like /controller/action/{id} I can get id in an AuthorizeAttribute by doing httpContext.Request.RequestContext.RouteData.Values["id"].

Conversely, if it's something like /controller/action?id={id} I can get it by doing httpContext.Request.QueryString["id"].

I'll need yet another way if it's form data from a POST.

Is there a way to say "Get what you would put in the parameter with name 'id', regardless of how the route is specified?"

var id = Request.RequestContext.RouteData.Values["id"] ?? Request.Params["id"] as string;

or if you want to privilege GET and POST parameters in favor of route data:

var id = Request.Params["id"] ?? Request.RequestContext.RouteData.Values["id"] as string;