authentication - Using the [Authorize] attribute on Swagger UI with ASP.NET Core Swashbuckle
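Question
In ASP.NET Core, using Swashbuckle.AspNetCore, how do I protect access to my Swagger UI in the same way as decorating it with the [Authorize] attribute?
I want the (equivalent of the) [Authorize] attribute to execute, as it would for a normally decorated controller/action, when someone tries to access the /swagger URL on my web app, so that my custom AuthenticationHandler<T> is executed.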
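Solution
The Swagger middleware is completely independent of the MVC pipeline, so this is not possible out of the box. However, with a bit of reverse engineering, I found a workaround. It involves re-implementing most of the middleware in a custom controller, so it is a bit involved, and obviously it may break with future updates.
First, we need to stop calling IApplicationBuilder.UseSwagger and IApplicationBuilder.UseSwaggerUI, so that they do not conflict with our controller.
Then, we have to add everything that those methods added, by modifying our Startup.cs: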

    using System.Reflection;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.FileProviders;
    using Swashbuckle.AspNetCore.Swagger;
    using Swashbuckle.AspNetCore.SwaggerUI;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("documentName", new Info { Title = "My API", Version = "v1" });
        });

        // RouteTemplate is no longer used (route will be set via the controller)
        services.Configure<SwaggerOptions>(c =>
        {
        });

        // RoutePrefix is no longer used (route will be set via the controller)
        services.Configure<SwaggerUIOptions>(c =>
        {
            // matches our controller route
            c.SwaggerEndpoint("/swagger/documentName/swagger.json", "My API V1");
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // we need a custom static files provider for the Swagger CSS etc.
        // (the files are embedded resources of the Swashbuckle SwaggerUI assembly)
        const string EmbeddedFileNamespace = "Swashbuckle.AspNetCore.SwaggerUI.node_modules.swagger_ui_dist";
        app.UseStaticFiles(new StaticFileOptions
        {
            RequestPath = "/swagger", // must match the swagger controller name
            FileProvider = new EmbeddedFileProvider(typeof(SwaggerUIMiddleware).GetTypeInfo().Assembly, EmbeddedFileNamespace),
        });
    }

Finally, there are two things to re-implement: the generation of the swagger.json file, and the generation of the Swagger UI. We do this with a custom controller:

    using System.Collections.Generic;
    using System.IO;
    using System.Text;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Options;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Converters;
    using Newtonsoft.Json.Serialization;
    using Swashbuckle.AspNetCore.Swagger;
    using Swashbuckle.AspNetCore.SwaggerUI;

    // [Authorize] on the class covers both actions below
    [Authorize]
    [Route("[controller]")]
    public class SwaggerController : ControllerBase
    {
        [HttpGet("{documentName}/swagger.json")]
        public ActionResult<string> GetSwaggerJson([FromServices] ISwaggerProvider swaggerProvider,
            [FromServices] IOptions<SwaggerOptions> swaggerOptions, [FromServices] IOptions<MvcJsonOptions> jsonOptions,
            [FromRoute] string documentName)
        {
            // documentName is the name provided via the AddSwaggerGen(c => { c.SwaggerDoc("documentName") })
            var swaggerDoc = swaggerProvider.GetSwagger(documentName);

            // One last opportunity to modify the Swagger Document - this time with request context
            var options = swaggerOptions.Value;
            foreach (var filter in options.PreSerializeFilters)
            {
                filter(swaggerDoc, HttpContext.Request);
            }

            var swaggerSerializer = SwaggerSerializerFactory.Create(jsonOptions);
            var jsonBuilder = new StringBuilder();
            using (var writer = new StringWriter(jsonBuilder))
            {
                swaggerSerializer.Serialize(writer, swaggerDoc);
                return Content(jsonBuilder.ToString(), "application/json");
            }
        }

        [HttpGet]
        [HttpGet("index.html")]
        public ActionResult<string> GetSwagger([FromServices] ISwaggerProvider swaggerProvider, [FromServices] IOptions<SwaggerUIOptions> swaggerUiOptions)
        {
            var options = swaggerUiOptions.Value;
            var serializer = CreateJsonSerializer();

            // Placeholders in the embedded index.html and the values that replace them
            var indexArguments = new Dictionary<string, string>()
            {
                { "%(DocumentTitle)", options.DocumentTitle },
                { "%(HeadContent)", options.HeadContent },
                { "%(ConfigObject)", SerializeToJson(serializer, options.ConfigObject) },
                { "%(OAuthConfigObject)", SerializeToJson(serializer, options.OAuthConfigObject) }
            };

            using (var stream = options.IndexStream())
            {
                // Inject arguments before writing to response
                var htmlBuilder = new StringBuilder(new StreamReader(stream).ReadToEnd());
                foreach (var entry in indexArguments)
                {
                    htmlBuilder.Replace(entry.Key, entry.Value);
                }

                return Content(htmlBuilder.ToString(), "text/html;charset=utf-8");
            }
        }

        private JsonSerializer CreateJsonSerializer()
        {
            return JsonSerializer.Create(new JsonSerializerSettings
            {
                ContractResolver = new CamelCasePropertyNamesContractResolver(),
                Converters = new[] { new StringEnumConverter(true) },
                NullValueHandling = NullValueHandling.Ignore,
                Formatting = Formatting.None,
                // the JSON is embedded in an HTML page, so HTML-sensitive characters are escaped
                StringEscapeHandling = StringEscapeHandling.EscapeHtml
            });
        }

        private string SerializeToJson(JsonSerializer jsonSerializer, object obj)
        {
            var writer = new StringWriter();
            jsonSerializer.Serialize(writer, obj);
            return writer.ToString();
        }
    }

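
A check for the controller above, as an added example that is not part of the original answer: an xUnit integration test that requests the three controller routes without credentials and fails if any of them is served. It assumes the application's startup class is named Startup, the document is registered as "documentName" as in the answer, and the test project references xunit and Microsoft.AspNetCore.Mvc.Testing.

```csharp
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc.Testing;
using Xunit;

// Assumption: Startup is the application's startup class configured as in the answer.
public class SwaggerAuthorizationTests : IClassFixture<WebApplicationFactory<Startup>>
{
    private readonly HttpClient _client;

    public SwaggerAuthorizationTests(WebApplicationFactory<Startup> factory)
    {
        // Do not follow redirects, so a challenge that redirects to a login page
        // is seen as 302 and not as the 200 of the login page itself.
        _client = factory.CreateClient(new WebApplicationFactoryClientOptions
        {
            AllowAutoRedirect = false
        });
    }

    [Theory]
    [InlineData("/swagger")]
    [InlineData("/swagger/index.html")]
    [InlineData("/swagger/documentName/swagger.json")]
    public async Task Anonymous_request_is_challenged(string path)
    {
        // No credentials are attached to the request.
        var response = await _client.GetAsync(path);

        // 401 is the default challenge result; 302 covers schemes that redirect.
        // A 404 fails as well, which catches a route that was never registered.
        Assert.True(
            response.StatusCode == HttpStatusCode.Unauthorized ||
            response.StatusCode == HttpStatusCode.Redirect,
            $"{path} returned {(int)response.StatusCode} to an anonymous caller");

        // The response must not carry the API document or the UI markup.
        var body = await response.Content.ReadAsStringAsync();
        Assert.DoesNotContain("\"paths\"", body);
        Assert.DoesNotContain("swagger-ui", body);
    }
}
```

The CSS and JavaScript files served by UseStaticFiles under /swagger do not pass through the controller, so [Authorize] does not apply to them; only the index page and the swagger.json document are protected.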