使用 Swashbuckle 和 ASP.NET Identity 限制对 Swagger 中某些 API 控制器的访问 [英] Restrict access to certain API controllers in Swagger using Swashbuckle and ASP.NET Identity

查看:12
本文介绍了使用 Swashbuckle 和 ASP.NET Identity 限制对 Swagger 中某些 API 控制器的访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

所以,我开始使用 Swagger.我非常喜欢它的功能,但我对所有公开方法的可用性有些怀疑.

据我所知——Swaschbuclkeauth"方法中包含的所有内容实际上都是关于 API 本身的,但我不需要帮助——我的所有 API 都受 API id/key 对保护.

我想以某种方式利用 ASP.NET Identity(登录系统)来限制对 API 页面(/swagger/ui/index)的访问.

有什么办法吗?Swaschbuckle 中的任何方法?任何路线/身份黑客?

感谢任何帮助.

编辑 1:[ApiExplorerSettings(IgnoreApi = true)] 属性不是我想要的 - 它限制了对方法的所有访问,无论身份如何.

解决方案

关于在 Swagger 文档中限制单个 API 的公开:

Swashbuckle 5.x:

Swashbuckle 5.x 有一个名为 IgnoreObsoleteActions 的配置选项(您需要设置它;默认情况下未启用),如果它们具有 [Obsolete] 属性,它将隐藏动作.p>

示例:配置

httpConfiguration.EnableSwagger(c =>{c.IgnoreObsoleteActions();});

文档中提供了更多信息.

Swashbuckle 4.1.x(或者如果您不想使用过时的属性):

Swashbuckle 在 IApiExplorer.您应该能够添加一个属性 -- [ApiExplorerSettings(IgnoreApi = true)] -- 来管理 ApiExplorerSettings 控制器类或单个控制器方法,以使资源管理器(以及随后的 Swashbuckle)在以下情况下忽略它们生成文档.

示例:单个操作

///忽略文档中的GetFoo"公共类 FooBarController{[ApiExplorerSettings(IgnoreApi = true)]公共酒吧 GetFoo{...}公共酒吧 GetBar{...}}

示例:控制器类

///忽略文档中 FooBarController 中的每个控制器方法[ApiExplorerSettings(IgnoreApi = true)]公共类 FooBarController{公共酒吧 GetFoo{...}公共酒吧 GetBar{...}}

更多详情请参阅 GitHub 问题.我自己在 Swashbuckle 4.1.x 中使用过这个.

So, I started using Swagger. I'm absolutely in love with it's features, but I have some doubts on availability of all methods to public.

As far as I understood - all included in Swaschbuclke "auth" methods are actually about APIs itself, but I don't need help there - all of my APIs are protected by API id/key pair.

I would like to somehow utilise ASP.NET Identity (login system) to restrict access to API page (/swagger/ui/index).

Is there any way? Any methods in Swaschbuckle? Any routes/Identity hacks?

Any help is appreciated.

Edit 1: [ApiExplorerSettings(IgnoreApi = true)] attribute is not what I'm looking for - it restricts all the access to the methods, regardless of Identity.

解决方案

Concerning restricting exposure of individual APIs in your swagger documentation:

Swashbuckle 5.x:

Swashbuckle 5.x has a configuration option called IgnoreObsoleteActions (that you need to set; it isn't enabled by default) that will hide actions if they have the [Obsolete] attribute.

Example: Configuration

httpConfiguration
    .EnableSwagger(c =>
        {
            c.IgnoreObsoleteActions();
        });

More info available in the documentation.

Swashbuckle 4.1.x (or if you don't want to use the obsolete attribute):

Swashbuckle builds the swagger documentation on top of IApiExplorer. You should be able to add an attribute -- [ApiExplorerSettings(IgnoreApi = true)] -- to manage ApiExplorerSettings the controller class or individual controller methods to have the explorer (and subsequently, Swashbuckle) ignore them when generating the documentation.

Example: Individual actions

/// Ignore 'GetFoo' in documentation
public class FooBarController
{
    [ApiExplorerSettings(IgnoreApi = true)]
    public Bar GetFoo
    {
       ...
    }

    public Bar GetBar
    {
       ...
    }
}

Example: Controller classes

/// Ignore every controller method in FooBarController in documentation
[ApiExplorerSettings(IgnoreApi = true)]
public class FooBarController
{
    public Bar GetFoo
    {
       ...
    }

    public Bar GetBar
    {
       ...
    }
}

More details in this GitHub Issue. I've used this myself in Swashbuckle 4.1.x.

这篇关于使用 Swashbuckle 和 ASP.NET Identity 限制对 Swagger 中某些 API 控制器的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆