ServiceStack API documentation in Swagger-UI behind the closed doors


Problem description

I want to allow access to swagger-ui and metadata only if the user is authenticated (forms auth) on our web app, but I want to allow API access all the time (the API has some public methods and some which require basic auth).

So what I did is I added this route prefix for API:

public override RouteAttribute[] GetRouteAttributes(Type requestType)
{
    var routes = base.GetRouteAttributes(requestType);
    routes.Each(x => x.Path = "/API" + x.Path);
    return routes;
}

And:

ServiceRoutes = new Dictionary<Type, string[]> {
    {
        typeof(AuthenticateService), new[] { "/api/auth", "/api/auth/{provider}" }
    },
}

And this as well in web config:

<location path="api">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

And the thing is that when I go to /api/ now that works fine, but when I try to invoke some method, I get redirected to my login route.

Is there a way to solve this like I started, or is there a better way to protect the documentation?

Solution

There's no explicit option to require Authentication on metadata pages but you can use a PreRequestFilter to protect access to the /metadata and /swagger-ui pages with:

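// Register in AppHost.Configure(); HttpStatusCode needs "using System.Net;".
PreRequestFilters.Add((req, res) =>
{
    // Only the documentation pages are gated; API routes pass through untouched.
    if (req.PathInfo.StartsWith("/metadata") || req.PathInfo.StartsWith("/swagger-ui"))
    {
        var session = req.GetSession();
        if (!session.IsAuthenticated)
        {
            // No authenticated ServiceStack session: answer 401 and stop processing.
            res.StatusCode = (int)HttpStatusCode.Unauthorized;
            res.EndRequest();
        }
    }
});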

And to protect access to the /openapi JSON specification if you're using Swagger 2.0 / Open API Feature you can dynamically add the [Authenticate] attribute at runtime with:

public AppHost()
{
    typeof(OpenApiService)
        .AddAttributes(new AuthenticateAttribute());
}

If you're using the older Swagger 1.2 Plugin you can protect access to backend Services with:

public AppHost()
{
    typeof(SwaggerResource)
        .AddAttributes(new AuthenticateAttribute());
    typeof(SwaggerResources)
        .AddAttributes(new AuthenticateAttribute());
}

This assumes you're using ServiceStack Authentication not ASP.NET Auth.
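One way to confirm the outcome the question asks for (documentation closed, API open) is an unauthenticated smoke test; this is an added example, not code from the original question or answer. It assumes the documentation endpoints answer 401 as in the filter above, uses a hypothetical public operation `/api/hello`, and runs against a constructed local stub so it works offline.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Docs paths come from the answer; /api/hello is a hypothetical public operation.
DOCS_PATHS = ["/metadata", "/swagger-ui/", "/openapi"]
PUBLIC_API_PATHS = ["/api/hello"]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report a 302 to the login page instead of following it

def status_of(url):
    """Raw HTTP status of a GET sent with no cookies or credentials."""
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base_url):
    """Return violations: docs must answer 401, the public API must answer 200."""
    expected = [(p, 401) for p in DOCS_PATHS] + [(p, 200) for p in PUBLIC_API_PATHS]
    problems = []
    for path, want in expected:
        got = status_of(base_url + path)
        if got != want:
            problems.append(f"{path}: expected {want} without a session, got {got}")
    return problems

def start_stub(docs_status, api_status):
    """Constructed stand-in for the real host so the audit can run offline."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            is_docs = any(self.path.startswith(p.rstrip("/")) for p in DOCS_PATHS)
            code = docs_status if is_docs else api_status
            self.send_response(code)
            if code == 302:
                self.send_header("Location", "/login")
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo output quiet
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    server, url = start_stub(docs_status=401, api_status=200)
    print(audit(url) or "docs locked, API public")
    server.shutdown()
```

Pointing `audit()` at a staging host instead of the stub turns this into a regression check for both failure modes on this page: documentation served anonymously, or API calls bounced to the login route.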
