c# - C#: Swagger/Swashbuckle - 使用“AND”连接安全方案
问题描述
我有一个 ASP.NET Core Api,它需要为一个操作使用多个身份验证方案。我正在尝试通过在 Swagger UI 中显示所有必需的身份验证方案来记录这些操作。因此,我使用Swashbuckle.AspNetCore (5.1.0)库来OpenApiSecurityRequirement动态OpenApiOperation添加IOperationFilter:
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(InternalControllerBasicAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "credentials"
}
},
new [] { "Basic <credentials-value>" }
}
});
}
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(OneTimePasswordAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "one-time-password"
}
},
new [] { "Basic <one-time-password-value>" }
}
});
}
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
此外,我使用SwaggerGenOptions来注册所有可能的方案:
var oneTimePasswordScheme = new OpenApiSecurityScheme
{
Name = "one-time-password",
In = ParameterLocation.Header,
Scheme = "one-time-password",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("one-time-password", oneTimePasswordScheme);
var credentialsScheme = new OpenApiSecurityScheme
{
Name = "credentials",
In = ParameterLocation.Header,
Scheme = "credentials",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("credentials", credentialsScheme);
除了 SwaggerOR在 UI 中使用连接器外,一切正常:
有没有办法使用AND连接器配置 Swagger?
任何帮助将不胜感激!
解决方案
不必OpenApiSecurityRequirement为每个对象添加一个OpenApiSecurityScheme,而是需要将所有OpenApiSecurityScheme对象放入一个OpenApiSecurityRequirement.
将安全要求与OR连接起来:
var requirements = new List<OpenApiSecurityRequirement>();
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
}
});
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
}
});
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
用AND连接安全要求:
var requirement = new OpenApiSecurityRequirement();
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
);
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
);
operation.Security = new List<OpenApiSecurityRequirement> { requirement };
推荐阅读
- api - 快照为空颤动
- notifications - 我如何向我所有的松弛用户发送消息
- node.js - 我无法在我的输入中输入任何信息
- azure-active-directory - 将组所有者作为组成员删除的 Powershell 脚本 Azure AD
- angular - 我应该为 Web 应用程序使用 Spring Cloud Gateway 还是 Ngnix
- r - 计算相对于 XY 坐标的最近点
- javascript - 更改获取发布
- javascript - 获取语音频道中的用户数?不和谐.js
- mysql - 如何在k8s之外连接mysql master
- pandas - 将日期名称设置为日期时间索引数据帧中图表的 x 轴