ASP Net Core 2.2 add locker icon only to methods that require authorization - Swagger UI
Problem description
- ASP Net Core Web API-2.2
- Swashbuckle.AspNetCore-4.0.1
I have implemented swagger in my Web API project. And I am using JWT authorization with [Authorize] attribute on the methods that require it.
So I wanted an easy way to be able to send requests that require authorization. In my ConfigureServices class, I've added the following logic.
    services.AddSwaggerGen(c =>
    {
        // Other swagger options
        c.AddSecurityDefinition("Bearer", new ApiKeyScheme
        {
            In = "header",
            Description = "Please enter into field the word 'Bearer' following by space and your JWT token",
            Name = "Authorization",
            Type = "apiKey"
        });
        c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
        {
            { "Bearer", Enumerable.Empty<string>() },
        });
        // Other swagger options
    });
What this does is the following:
It adds one new button in swagger - Authorize.
The problem is, it also adds an "open" locker icon next to every method, even though some of them require authorization.
And when I authorize successfully using the Authorize button (it basically adds the header Authorization to each request), I receive a "closed" locker on all of them.
I know this is probably desired functionality to indicate that an Authorization token will be sent via the request. I want a way to show which methods require authorization and which don't.
For instance, the "open" locker for anonymous methods and "closed" locker for methods that have the [Authorize] attribute on them.
It could be an additional icon next to this one, or a modification of this one's behaviour, no problem. How can I achieve this?
I believe a possible solution is to make an OperationFilter and go through all methods and attach "something" only to those that have the [Authorize] attribute on them. Is this the best solution? If so, how would you implement it?
Recommended answer
It has been more than a month since I asked this one. Here is how I did it.
I deleted the following code from Startup.cs:
    c.AddSecurityDefinition("Bearer", new ApiKeyScheme
    {
        In = "header",
        Description = "Please enter into field the word 'Bearer' following by space and your JWT token",
        Name = "Authorization",
        Type = "apiKey"
    });
    c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
    {
        { "Bearer", Enumerable.Empty<string>() },
    });
I added the following:
    c.OperationFilter<AddAuthHeaderOperationFilter>();
And of course AddAuthHeaderOperationFilter.cs:
    using System.Collections.Generic;
    using System.Linq;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc.Authorization;
    using Swashbuckle.AspNetCore.Swagger;
    using Swashbuckle.AspNetCore.SwaggerGen;

    public class AddAuthHeaderOperationFilter : IOperationFilter
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        public AddAuthHeaderOperationFilter(IHttpContextAccessor httpContextAccessor)
        {
            this.httpContextAccessor = httpContextAccessor;
        }

        public void Apply(Operation operation, OperationFilterContext context)
        {
            // Effective MVC filters for this action (global, controller and action level)
            var filterDescriptor = context.ApiDescription.ActionDescriptor.FilterDescriptors;
            var isAuthorized = filterDescriptor.Select(filterInfo => filterInfo.Filter).Any(filter => filter is AuthorizeFilter);
            var allowAnonymous = filterDescriptor.Select(filterInfo => filterInfo.Filter).Any(filter => filter is IAllowAnonymousFilter);

            if (isAuthorized && !allowAnonymous)
            {
                if (operation.Parameters == null)
                    operation.Parameters = new List<IParameter>();

                // Explicit Authorization header input on the operation itself
                operation.Parameters.Add(new NonBodyParameter
                {
                    Name = "Authorization",
                    In = "header",
                    Description = "JWT access token",
                    Required = true,
                    Type = "string",
                    //Default = $"Bearer {token}"
                });

                // Guarded so an already documented 401/403 does not throw on a duplicate key
                if (!operation.Responses.ContainsKey("401"))
                    operation.Responses.Add("401", new Response { Description = "Unauthorized" });
                if (!operation.Responses.ContainsKey("403"))
                    operation.Responses.Add("403", new Response { Description = "Forbidden" });

                operation.Security = new List<IDictionary<string, IEnumerable<string>>>();

                //Add JWT bearer type
                operation.Security.Add(new Dictionary<string, IEnumerable<string>>
                {
                    { "Bearer", new string[] { } }
                });
            }
        }
    }
In short, this OperationFilter class only adds the locker icon to methods that require Authorization. The locker is always open though. So not the perfect solution, but for now it is OK.
Note: So if you want to test the API, you first get a token and then fill it where needed.
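An added example, not part of the original answer: a variant that keeps the "Bearer" AddSecurityDefinition from the question (so the Authorize button stays), drops only the global AddSecurityRequirement, and attaches the requirement per operation with the same filter detection the answer uses. The class name AuthorizeCheckOperationFilter is hypothetical; the Swashbuckle types are the 4.0.1 ones already used on this page.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Mvc.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;

// Startup.cs, inside services.AddSwaggerGen(c => { ... }):
//   keep   c.AddSecurityDefinition("Bearer", new ApiKeyScheme { ... });
//   remove c.AddSecurityRequirement(...);   // the global requirement marks every operation
//   add    c.OperationFilter<AuthorizeCheckOperationFilter>();

// Hypothetical class name, chosen for this example.
public class AuthorizeCheckOperationFilter : IOperationFilter
{
    // Must match the name passed to AddSecurityDefinition.
    private const string SchemeName = "Bearer";

    public void Apply(Operation operation, OperationFilterContext context)
    {
        // Effective MVC filters: global, controller level and action level.
        var filters = context.ApiDescription.ActionDescriptor.FilterDescriptors
            .Select(descriptor => descriptor.Filter)
            .ToList();

        var requiresAuth = filters.OfType<AuthorizeFilter>().Any();
        var allowsAnonymous = filters.OfType<IAllowAnonymousFilter>().Any();

        // [AllowAnonymous] overrides [Authorize]; such operations get no security entry.
        if (!requiresAuth || allowsAnonymous)
            return;

        // Document the auth failure responses without throwing on duplicates.
        if (!operation.Responses.ContainsKey("401"))
            operation.Responses.Add("401", new Response { Description = "Unauthorized" });
        if (!operation.Responses.ContainsKey("403"))
            operation.Responses.Add("403", new Response { Description = "Forbidden" });

        // Per-operation requirement referencing the defined scheme.
        operation.Security = new List<IDictionary<string, IEnumerable<string>>>
        {
            new Dictionary<string, IEnumerable<string>>
            {
                { SchemeName, Enumerable.Empty<string>() }
            }
        };
    }
}
```

Because the requirement references a scheme that is actually defined, the token entered through the Authorize button is the one sent for these operations, and no per-operation Authorization parameter is needed.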