在Swagger UI中，如何从“匿名"菜单中删除挂锁图标.方法? [英] In Swagger UI, how can I remove the padlock icon from "anonymous" methods?

问题描述

我正在使用.Net Core 2.1创建一个API，并使用JSON Web令牌(JWT)进行身份验证.

I'm creating an API with .Net Core 2.1 and using JSON Web Token (JWT) for authentication.

我有2个控制器:AuthenticationController和UserController. 我已经用[AllowAnonymous]装饰了AuthenticationController，并用[Authorize]装饰了UserController.

I have 2 controllers: AuthenticationController and UserController. I have decorated AuthenticationController with [AllowAnonymous] and UserController with [Authorize].

Swagger运行正常:它允许我在不请求授权的情况下访问AuthenticationController(注册/登录)中的端点，并且确实请求JWT在UserController中访问端点.

Swagger is working correctly: it allows me to hit the endpoints in AuthenticationController (SignUp/SignIn) without requesting authorization, and it does request JWT to hit the endpoints in UserController.

但是，在Swagger UI中，每个控制器的每个端点都显示一个挂锁图标，好像它们都需要授权一样.一切正常且按预期工作，但是令我烦恼的是，不需要授权的端点仍然显示该挂锁图标.

However, in Swagger UI, every endpoint of every controller shows a padlock icon as if all of them required authorization. Everything works correctly and as expected but it just bothers me that the endpoints that don't require authorization still show that padlock icon.

是否可以从这些端点中删除挂锁图标?

我相信OperationFilter可以完成某些工作，但我找不到办法.

I believe that something can be done with the OperationFilter but I couldn't find a way.

推荐答案

绝对，您需要使用IOperationFilter删除匿名端点的挂锁图标.

Absolutly, you need to use an IOperationFilter to remove the padlock icon for the anonymous endpoints.

// AuthResponsesOperationFilter.cs
public class AuthResponsesOperationFilter : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
            .Union(context.MethodInfo.GetCustomAttributes(true))
            .OfType<AuthorizeAttribute>();

        if (authAttributes.Any())
        {
            var securityRequirement = new OpenApiSecurityRequirement()
            {
                {
                    // Put here you own security scheme, this one is an example
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "Bearer"
                        },
                        Scheme = "oauth2",
                        Name = "Bearer",
                        In = ParameterLocation.Header,
                    },
                    new List<string>()
                }
            };
            operation.Security = new List<OpenApiSecurityRequirement> { securityRequirement };
            operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
    }
}

// Startup.cs
services.AddSwaggerGen(c =>
{
    ...
    c.OperationFilter<AuthResponsesOperationFilter>();
};

不要忘记删除Startup.cs中对AddSecurityRequirement的任何呼叫，否则挂锁图标仍将添加到所有端点.

Do not forget to remove any call to AddSecurityRequirement in your Startup.cs, otherwise the padlock icon would still be added to all endpoints.

这篇关于在Swagger UI中，如何从“匿名"菜单中删除挂锁图标.方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！