diff --git a/src/ReC.API/Controllers/ResultViewController.cs b/src/ReC.API/Controllers/ResultViewController.cs
index 41f6b38..5a8b7ec 100644
--- a/src/ReC.API/Controllers/ResultViewController.cs
+++ b/src/ReC.API/Controllers/ResultViewController.cs
@@ -43,8 +43,6 @@ public class ResultViewController(IMediator mediator, IConfiguration config) : C
     [HttpPost]
     public async Task<IActionResult> Create([FromBody] CreateResultViewCommand command, CancellationToken cancel)
     {
-        // TODO: add middleware
-        command.Scope.AddedWho = config?["AddedWho"] ?? throw new InvalidOperationException("The required 'AddedWho' configuration is missing. Please contact a system administrator.");
         await mediator.Send(command, cancel);
         return CreatedAtAction(nameof(Get), new { actionId = command.ActionId }, command);
     }
diff --git a/src/ReC.API/Middleware/AuthScopedFilter.cs b/src/ReC.API/Middleware/AuthScopedFilter.cs
new file mode 100644
index 0000000..c3980df
--- /dev/null
+++ b/src/ReC.API/Middleware/AuthScopedFilter.cs
@@ -0,0 +1,18 @@
+using Microsoft.AspNetCore.Mvc.Filters;
+using ReC.Application.Common.Interfaces;
+
+namespace ReC.API.Middleware;
+
+public class AuthScopedFilter(IConfiguration config) : IAsyncActionFilter
+{
+    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+    {
+        if (context.ActionArguments.TryGetValue("command", out var command) && command is IAuthScoped authScopedCommand)
+        {
+            var addedWho = config["AddedWho"] ?? throw new InvalidOperationException("The required 'AddedWho' configuration is missing. Please contact a system administrator.");
+            authScopedCommand.Scope.AddedWho = addedWho;
+        }
+
+        await next();
+    }
+}
\ No newline at end of file
diff --git a/src/ReC.API/Program.cs b/src/ReC.API/Program.cs
index dc657be..61156dc 100644
--- a/src/ReC.API/Program.cs
+++ b/src/ReC.API/Program.cs
@@ -54,7 +54,10 @@ try
         });
     });
 
-    builder.Services.AddControllers();
+    builder.Services.AddControllers(options =>
+    {
+        options.Filters.Add<AuthScopedFilter>();
+    });
     // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
     builder.Services.AddEndpointsApiExplorer();
     builder.Services.AddSwaggerGen(c =>
diff --git a/src/ReC.Application/Common/Interfaces/IAuthScoped.cs b/src/ReC.Application/Common/Interfaces/IAuthScoped.cs
index af11a4d..2e32426 100644
--- a/src/ReC.Application/Common/Interfaces/IAuthScoped.cs
+++ b/src/ReC.Application/Common/Interfaces/IAuthScoped.cs
@@ -4,10 +4,10 @@ namespace ReC.Application.Common.Interfaces;
 
 public record AuthScope
 {
-    public string AddedWho { get; set; } = null!;
+    public string? AddedWho { get; set; }
 }
 
 public interface IAuthScoped : IScoped<AuthScope>
 {
-    public string AddedWho => Scope.AddedWho;
+    public string? AddedWho => Scope.AddedWho;
 }
\ No newline at end of file