swagger oauth 安全定义 [英] swagger oauth security definition

问题描述

在我当前的 webapi 项目中，我设置了一个带有隐式流的 swagger oauth 安全定义并授权 url

然后，我添加了以下用于定义 OAuth2.0 方案的代码片段，如下所示:

//定义正在使用的 OAuth2.0 方案(即隐式流)c.AddSecurityDefinition("oauth2", new OAuth2Scheme{类型 = "oauth2",流 = "隐式",AuthorizationUrl = string.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/oauth2/authorize", Configuration["AzureAd:TenantId"]),Scopes = new Dictionary{{ "user_impersonation", "访问 Bruce-WebAPI-NetCore" }}});//启用基于 AuthorizeAttribute 的操作过滤器c.OperationFilter();

并使用以下代码初始化中间件以服务 swagger-ui.

//启用中间件来服务 swagger-ui(HTML、JS、CSS 等)，指定 Swagger JSON 端点.app.UseSwaggerUI(c =>{c.SwaggerEndpoint("/swagger/v1/swagger.json", "我的 API V1");c.ConfigureOAuth2(配置["AzureAd:SwaggerApp:ClientId"],配置["AzureAd:SwaggerApp:ClientSecret"],配置["AzureAd:SwaggerApp:RedirectUri"],//http://localhost:30504/swagger/o2c.html"Bruce-WebAPI-NetCore-Swagger",additionalQueryStringParameters: new Dictionary(){{资源"，配置[AzureAd:WebApiApp:ClientId"]}});});

测试:

<块引用><块引用>

但它仍然返回 AADSTS50001 未提供资源标识符

在我的处理过程中，我遇到了类似的问题.最后发现没有指定resource参数.然后，我为 ConfigureOAuth2 设置了 additionalQueryStringParameters 参数.这是我的代码示例WebAPI-Swagger-NetCore，你可以参考.

此外，要向资源应用程序 (Web API) 添加访问范围，您可以按照 此处.此外，我的 SecurityRequirementsOperationFilter 没有将范围要求分配给基于 AuthorizeAttribute 提供的操作 此处.您可以在 AddSecurityDefinition 下指定支持的范围，然后对于您的控制器或操作，您可以将其标记为 [Authorize(AuthenticationSchemes = "Bearer", Policy = "{scope}")].详细信息，您可以按照此示例进行操作.>

On my current webapi project I have set a swagger oauth security definition with implicit flow and authorize url https://login.microsoftonline.com/ + tenant Id. The scopes are the same as in the github exapmle for the Swashbuckle.AspNetCore nuget , this is the link https://github.com/domaindrivendev/Swashbuckle.AspNetCore. But when i try to authenticate on swagger online editor, this one https://editor.swagger.io/, I can't get the token back and get a 404 exception. What do I need to set in my azure portal registered app to return a token back to the online swagger editor ?

解决方案

According to your description, I created my .Net Core 2.0 Web API application and created the AAD app on Azure Portal. The configuration under ConfigureServices would look like this:

services.AddAuthentication(options =>
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
// Configure the app to use Jwt Bearer Authentication
.AddJwtBearer(jwtOptions =>
{
    jwtOptions.Authority = string.Format(CultureInfo.InvariantCulture, "https://sts.windows.net/{0}/", Configuration["AzureAd:TenantId"]);
    jwtOptions.Audience = Configuration["AzureAd:WebApiApp:ClientId"];
});

For Swagger UI, I also created a new AAD app on Azure Portal and add permissions to access the Web API app as follows:

Then, I added the following code snippet for defining the OAuth2.0 scheme as follows:

// Define the OAuth2.0 scheme that's in use (i.e. Implicit Flow)
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
    Type = "oauth2",
    Flow = "implicit",
    AuthorizationUrl = string.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/oauth2/authorize", Configuration["AzureAd:TenantId"]),
    Scopes = new Dictionary<string, string>
    {
        { "user_impersonation", "Access Bruce-WebAPI-NetCore" }
    }
});
// Enable operation filter based on AuthorizeAttribute
c.OperationFilter<SecurityRequirementsOperationFilter>();

And use the following code for initializing the middleware to serve swagger-ui.

// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.), specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c =>
{
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
    c.ConfigureOAuth2(
        Configuration["AzureAd:SwaggerApp:ClientId"],
        Configuration["AzureAd:SwaggerApp:ClientSecret"],
        Configuration["AzureAd:SwaggerApp:RedirectUri"], //http://localhost:30504/swagger/o2c.html
        "Bruce-WebAPI-NetCore-Swagger",
        additionalQueryStringParameters: new Dictionary<string, string>(){
            { "resource",Configuration["AzureAd:WebApiApp:ClientId"]}
    });
});

Test:

but it still returns AADSTS50001 Resource identifier is not provided

During my processing, I encountered the similar issue. At last, I found that the resource parameter is not specified. Then, I set the additionalQueryStringParameters parameter for ConfigureOAuth2. Here is my code sample WebAPI-Swagger-NetCore, you could refer to it.

Moreover, for adding access scopes to your resource application (Web API), you could follow the Adding access scopes to your resource application section under here. Also, my SecurityRequirementsOperationFilter did not assign the scope requirements to operations based on AuthorizeAttribute provided here. You could specific the supported scopes under AddSecurityDefinition, then for your controller or action you could mark it as [Authorize(AuthenticationSchemes = "Bearer", Policy = "{scope}")]. Details, you could follow this sample.

这篇关于swagger oauth 安全定义的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！