logo标签列表

使用Swashbuckle API文档的HTTP基本身份验证

asp.net-web-apiswaggerswashbuckle
7

请问如何将基本身份验证与Swashbuckle API文档集成?

我看到SwaggerConfig文件中有一个basicAuth函数:

    c.BasicAuth("basic").Description("Basic HTTP Authentication");

我已经做了什么:

  • 取消注释了上一行,但没有任何变化!

有人知道我错过了什么吗?

谢谢!

2个回答
8

对@MarwaAhmad最出色答案的微小改进是检查空参数(例如在URL中使用所有参数的简单GET或调用)。还添加了Basic Auth的详细信息。

另外,如果您已经使用全局IAuthorizationFilter来强制执行HTTPS,那么您将需要更改更通用的过滤器以允许Basic Auth。

filter => filter is IAuthorizationFilter

转到特定的

filter => filter is AuthorizeAttribute


    public class AddAuthorizationHeaderParameterOperationFilter : IOperationFilter
    {
        public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
        {
            var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline();
            var isAuthorized = filterPipeline.Select(filterInfo => filterInfo.Instance)
                .Any(filter => filter is IAuthorizationFilter);

            var allowAnonymous =
                apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();

            if (isAuthorized && !allowAnonymous)
            {
                if (operation.parameters == null)
                    operation.parameters = new List<Parameter>();

                operation.parameters?.Add(new Parameter
                {
                    name = "Authorization",
                    @in = "header",
                    description = "Basic HTTP Base64 encoded Header Authorization",
                    required = true,
                    type = "string"
                });
            }
        }
    }
无法加载 System.Web.Http 4.0.0,出现错误。使用框架 4.6.1。请帮忙解决。 - Manoj Sethi
6

这是我如何实现HTTP基本认证的方法:

public class AddAuthorizationHeaderParameterOperationFilter: IOperationFilter
{
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        var filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline();
        var isAuthorized = filterPipeline
                                         .Select(filterInfo => filterInfo.Instance)
                                         .Any(filter => filter is IAuthorizationFilter);

        var allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();

        if (isAuthorized && !allowAnonymous)
        {
            operation.parameters.Add(new Parameter {
                name = "Authorization",
                @in = "header",
                description = "access token",
                required = true,
                type = "string"                    
            });
        }
    }
}

API的用户应在字段值中写入:basic [un:pw].tobase64。

参考资料: Swashbuckle问题326 Swashbuckle问题2

无法加载 System.Web.Http 4.0.0,出现错误。使用框架 4.6.1。需要帮助。 - Manoj Sethi
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接