具有 .NetCore 3.0 不记名令牌授权的 SwaggerUI [英] SwaggerUI with .NetCore 3.0 bearer token authorization
问题描述
我正在尝试将授权标头添加到 SwaggerUI api 测试中.下面是我的 Startup.cs
public void ConfigureServices(IServiceCollection services){服务.AddControllers();services.Configure<ApiBehaviorOptions>(options =>{options.SuppressModelStateInvalidFilter = true;});services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);services.AddSwaggerGen(c =>{c.SwaggerDoc("v1", new OpenApiInfo{版本 =v1",标题 = API",描述 = QPIN API with ASP.NET Core 3.0",联系人 = 新的 OpenApiContact(){名称 = Tafsir Dadeh Zarrin",Url = new Uri("http://www.tdz.co.ir")}});var securitySchema = new OpenApiSecurityScheme{描述 =使用承载方案的 JWT 授权标头.示例:授权:承载{token}",名称=授权",在 = ParameterLocation.Header,类型 = SecuritySchemeType.ApiKey};c.AddSecurityDefinition(Bearer", securitySchema);var securityRequirement = new OpenApiSecurityRequirement();securityRequirement.Add(securitySchema, new[] { "Bearer" });c.AddSecurityRequirement(securityRequirement);});}公共无效配置(IApplicationBuilder 应用程序,IWebHostEnvironment 环境,IServiceProvider 服务提供者){app.UseCors(Cors");if (env.IsDevelopment()){app.UseDeveloperExceptionPage();}别的{应用程序.UseHsts();}app.UseHttpsRedirection();app.UseMiddleware();app.UseSwagger();app.UseSwaggerUI(c =>{c.SwaggerEndpoint(/swagger/v1/swagger.json", 我的 API V1");});app.UseRouting();app.UseAuthentication();app.UseAuthorization();app.UseEndpoints(端点 =>{端点.MapControllers();});}
授权按钮已添加到 Swagger UI,我已输入所需的访问令牌,如下所示
但问题是,当我想尝试 API 时,令牌没有被添加到 API 请求中,当我单击 API 上的锁定图标时,它显示没有任何可用的授权,见下文
我的实现 - 排除非受保护端点上的锁 - 使用 OperationFilter
internal static void SwaggerSetup(这个IServiceCollection服务,OpenApiInfo设置){如果(设置.版本!= null){services.AddSwaggerGen(c =>{c.SwaggerDoc(settings.Version, settings);c.OperationFilter();c.AddSecurityDefinition("bearer", new OpenApiSecurityScheme{描述 =`仅令牌!!!` - 没有 `Bearer_` 前缀",类型 = SecuritySchemeType.Http,BearerFormat = "JWT",在 = ParameterLocation.Header,方案=承载者"});});}}
和OperationFilter
私有类 AddAuthHeaderOperationFilter : IOperationFilter{公共无效应用(OpenApiOperation 操作,OperationFilterContext 上下文){var isAuthorized = (context.MethodInfo.DeclaringType.GetCustomAttributes(true).OfType().Any()&&!context.MethodInfo.DeclaringType.GetCustomAttributes(true).OfType<AllowAnonymousAttribute>().Any())//如果基本控制器具有 Authorize 属性,则排除具有 AllowAnonymous 属性的控制器||(context.MethodInfo.GetCustomAttributes(true).OfType().Any()&&!context.MethodInfo.GetCustomAttributes(true).OfType().Any());//这不包括具有 AllowAnonymous 属性的方法如果(!isAuthorized)返回;operation.Responses.TryAdd("401", new OpenApiResponse { Description = "Unauthorized" });operation.Responses.TryAdd("403", new OpenApiResponse { Description = "Forbidden" });var jwtbearerScheme = 新的 OpenApiSecurityScheme{Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "bearer";}};operation.Security = 新列表<OpenApiSecurityRequirement>{新 OpenApiSecurityRequirement { [jwtbearerScheme] = 新字符串 []{} }};}}
参考
I'm trying to add authorization header into SwaggerUI api test. below is my Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.Configure<ApiBehaviorOptions>(options =>
{
options.SuppressModelStateInvalidFilter = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "API",
Description = "QPIN API with ASP.NET Core 3.0",
Contact = new OpenApiContact()
{
Name = "Tafsir Dadeh Zarrin",
Url = new Uri("http://www.tdz.co.ir")
}
});
var securitySchema = new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Example: "Authorization: Bearer {token}"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
};
c.AddSecurityDefinition("Bearer", securitySchema);
var securityRequirement = new OpenApiSecurityRequirement();
securityRequirement.Add(securitySchema, new[] { "Bearer" });
c.AddSecurityRequirement(securityRequirement);
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
{
app.UseCors("Cors");
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseMiddleware<ApiResponseMiddleware>();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
The Authorize button has been added to the Swagger UI and I've entered the required access token as shown below
but the issue is when I want to try an API the token is not getting added into API request, and when I click the lock icon over the API it shows that there isn't any available authorization, see below
My implementation - excludes locks on non protected endpoints - with OperationFilter
internal static void SwaggerSetup(this IServiceCollection services, OpenApiInfo settings)
{
if (settings.Version != null)
{
services.AddSwaggerGen(c =>
{
c.SwaggerDoc(settings.Version, settings);
c.OperationFilter<AddAuthHeaderOperationFilter>();
c.AddSecurityDefinition("bearer", new OpenApiSecurityScheme
{
Description = "`Token only!!!` - without `Bearer_` prefix",
Type = SecuritySchemeType.Http,
BearerFormat = "JWT",
In = ParameterLocation.Header,
Scheme = "bearer"
});
});
}
}
and the OperationFilter
private class AddAuthHeaderOperationFilter : IOperationFilter
{
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
var isAuthorized = (context.MethodInfo.DeclaringType.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any()
&& !context.MethodInfo.DeclaringType.GetCustomAttributes(true).OfType<AllowAnonymousAttribute>().Any()) //this excludes controllers with AllowAnonymous attribute in case base controller has Authorize attribute
|| (context.MethodInfo.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any()
&& !context.MethodInfo.GetCustomAttributes(true).OfType<AllowAnonymousAttribute>().Any()); // this excludes methods with AllowAnonymous attribute
if (!isAuthorized) return;
operation.Responses.TryAdd("401", new OpenApiResponse { Description = "Unauthorized" });
operation.Responses.TryAdd("403", new OpenApiResponse { Description = "Forbidden" });
var jwtbearerScheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "bearer" }
};
operation.Security = new List<OpenApiSecurityRequirement>
{
new OpenApiSecurityRequirement { [jwtbearerScheme] = new string []{} }
};
}
}
Reference https://thecodebuzz.com/jwt-authorize-swagger-using-ioperationfilter-asp-net-core/
just added the condition to exclude AllowAnonymous
decorated methods
这篇关于具有 .NetCore 3.0 不记名令牌授权的 SwaggerUI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!