Asp.net-Web-Api
帶有 swashbuckle api 文件的 http 基本身份驗證
誰能知道我如何將基本身份驗證與 swashbuckle api 的文件集成?
我看到swaggerconfig文件中有一個basicAuth函式:
c.BasicAuth("basic").Description("Basic HTTP Authentication");我做了什麼:
- 取消註釋前一行,但沒有任何改變!
有誰知道我錯過了什麼?
謝謝!
這是我進行httpbasic身份驗證的方式:
public class AddAuthorizationHeaderParameterOperationFilter: IOperationFilter { public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription) { var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline(); var isAuthorized = filterPipeline .Select(filterInfo => filterInfo.Instance) .Any(filter => filter is IAuthorizationFilter); var allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any(); if (isAuthorized && !allowAnonymous) { operation.parameters.Add(new Parameter { name = "Authorization", @in = "header", description = "access token", required = true, type = "string" }); } } }api的使用者應在欄位值中寫入:basic
$$ un:pw $$.tobase64。 參考: swashbuckle 的 issue 326 swashbuckle issue 2
@MarwaAhmad 最出色的答案的一個小改進是檢查空參數(例如,簡單的 GET 或使用 URL 中的所有參數呼叫)。還添加了基本身份驗證的詳細資訊。
此外,如果您已經使用全域
IAuthorizationFilter來強制執行 HTTPS,那麼您將需要更改更通用的filter => filter is IAuthorizationFilter對特定的
filter => filter is AuthorizeAttributepublic class AddAuthorizationHeaderParameterOperationFilter : IOperationFilter { public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription) { var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline(); var isAuthorized = filterPipeline.Select(filterInfo => filterInfo.Instance) .Any(filter => filter is IAuthorizationFilter); var allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any(); if (isAuthorized && !allowAnonymous) { if (operation.parameters == null) operation.parameters = new List<Parameter>(); operation.parameters?.Add(new Parameter { name = "Authorization", @in = "header", description = "Basic HTTP Base64 encoded Header Authorization", required = true, type = "string" }); } } }