使用Swashbuckle和ASP.NET Identity限制对Swagger中某些API控制器的访问 [英] Restrict access to certain API controllers in Swagger using Swashbuckle and ASP.NET Identity
问题描述
因此,我开始使用Swagger. 我绝对喜欢它的功能,但是我对所有公开使用的方法都有些怀疑.
So, I started using Swagger. I'm absolutely in love with it's features, but I have some doubts on availability of all methods to public.
据我了解-Swaschbuclke"auth"方法中包含的所有内容实际上都是关于API本身的,但是我在那里不需要帮助-我的所有API都受到API ID/密钥对的保护.
As far as I understood - all included in Swaschbuclke "auth" methods are actually about APIs itself, but I don't need help there - all of my APIs are protected by API id/key pair.
我想以某种方式利用ASP.NET身份(登录系统)来限制对API页面(/swagger/ui/index)的访问.
I would like to somehow utilise ASP.NET Identity (login system) to restrict access to API page (/swagger/ui/index).
有什么办法吗? Swaschbuckle中有任何方法吗?有路线/身份黑客吗?
Is there any way? Any methods in Swaschbuckle? Any routes/Identity hacks?
感谢您的帮助.
[ApiExplorerSettings(IgnoreApi = true)]
属性不是我想要的-它限制所有对方法的访问,而与Identity无关.
Edit 1: [ApiExplorerSettings(IgnoreApi = true)]
attribute is not what I'm looking for - it restricts all the access to the methods, regardless of Identity.
推荐答案
关于限制在庞大的文档中公开各个API:
Concerning restricting exposure of individual APIs in your swagger documentation:
Swashbuckle 5.x:
Swashbuckle 5.x具有一个名为IgnoreObsoleteActions的配置选项(您需要设置;默认情况下未启用),如果具有[Obsolete]
属性,它们将隐藏动作.
Swashbuckle 5.x has a configuration option called IgnoreObsoleteActions (that you need to set; it isn't enabled by default) that will hide actions if they have the [Obsolete]
attribute.
示例:配置
httpConfiguration
.EnableSwagger(c =>
{
c.IgnoreObsoleteActions();
});
文档中提供了更多信息.
Swashbuckle 4.1.x(或者如果您不想使用过时的属性):
Swashbuckle builds the swagger documentation on top of IApiExplorer. You should be able to add an attribute -- [ApiExplorerSettings(IgnoreApi = true)]
-- to manage ApiExplorerSettings the controller class or individual controller methods to have the explorer (and subsequently, Swashbuckle) ignore them when generating the documentation.
示例:个人动作
/// Ignore 'GetFoo' in documentation
public class FooBarController
{
[ApiExplorerSettings(IgnoreApi = true)]
public Bar GetFoo
{
...
}
public Bar GetBar
{
...
}
}
示例:控制器类
/// Ignore every controller method in FooBarController in documentation
[ApiExplorerSettings(IgnoreApi = true)]
public class FooBarController
{
public Bar GetFoo
{
...
}
public Bar GetBar
{
...
}
}
此 GitHub问题中的更多详细信息.我已经在Swashbuckle 4.1.x中使用了它.
More details in this GitHub Issue. I've used this myself in Swashbuckle 4.1.x.
这篇关于使用Swashbuckle和ASP.NET Identity限制对Swagger中某些API控制器的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!