使用Swashbuckle和ASP.NET Identity限制对Swagger中某些API控制器的访问 [英] Restrict access to certain API controllers in Swagger using Swashbuckle and ASP.NET Identity

问题描述

因此，我开始使用Swagger. 我绝对喜欢它的功能，但是我对所有公开使用的方法都有些怀疑.

So, I started using Swagger. I'm absolutely in love with it's features, but I have some doubts on availability of all methods to public.

据我了解-Swaschbuclke"auth"方法中包含的所有内容实际上都是关于API本身的，但是我在那里不需要帮助-我的所有API都受到API ID/密钥对的保护.

As far as I understood - all included in Swaschbuclke "auth" methods are actually about APIs itself, but I don't need help there - all of my APIs are protected by API id/key pair.

我想以某种方式利用ASP.NET身份(登录系统)来限制对API页面(/swagger/ui/index)的访问.

I would like to somehow utilise ASP.NET Identity (login system) to restrict access to API page (/swagger/ui/index).

有什么办法吗? Swaschbuckle中有任何方法吗?有路线/身份黑客吗?

Is there any way? Any methods in Swaschbuckle? Any routes/Identity hacks?

感谢您的帮助.

[ApiExplorerSettings(IgnoreApi = true)]属性不是我想要的-它限制所有对方法的访问，而与Identity无关.

Edit 1: [ApiExplorerSettings(IgnoreApi = true)] attribute is not what I'm looking for - it restricts all the access to the methods, regardless of Identity.

推荐答案

关于限制在庞大的文档中公开各个API:

Concerning restricting exposure of individual APIs in your swagger documentation:

Swashbuckle 5.x:

Swashbuckle 5.x具有一个名为IgnoreObsoleteActions的配置选项(您需要设置；默认情况下未启用)，如果具有[Obsolete]属性，它们将隐藏动作.

Swashbuckle 5.x has a configuration option called IgnoreObsoleteActions (that you need to set; it isn't enabled by default) that will hide actions if they have the [Obsolete] attribute.

示例:配置

httpConfiguration
    .EnableSwagger(c =>
        {
            c.IgnoreObsoleteActions();
        });

文档中提供了更多信息.

Swashbuckle 4.1.x(或者如果您不想使用过时的属性):

Swashbuckle在

Swashbuckle builds the swagger documentation on top of IApiExplorer. You should be able to add an attribute -- [ApiExplorerSettings(IgnoreApi = true)] -- to manage ApiExplorerSettings the controller class or individual controller methods to have the explorer (and subsequently, Swashbuckle) ignore them when generating the documentation.

示例:个人动作

/// Ignore 'GetFoo' in documentation
public class FooBarController
{
    [ApiExplorerSettings(IgnoreApi = true)]
    public Bar GetFoo
    {
       ...
    }

    public Bar GetBar
    {
       ...
    }
}

示例:控制器类

/// Ignore every controller method in FooBarController in documentation
[ApiExplorerSettings(IgnoreApi = true)]
public class FooBarController
{
    public Bar GetFoo
    {
       ...
    }

    public Bar GetBar
    {
       ...
    }
}

此 GitHub问题中的更多详细信息.我已经在Swashbuckle 4.1.x中使用了它.

More details in this GitHub Issue. I've used this myself in Swashbuckle 4.1.x.

这篇关于使用Swashbuckle和ASP.NET Identity限制对Swagger中某些API控制器的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！