c# - NSwag 的 AspNetCoreOperationSecurityScopeProcessor 将所有端点标记为需要授权

问题描述

我有这样设置的自定义授权方案：

services.AddAuthentication("ClientApp")
                .AddScheme<ClientAppAuthenticationOptions, ClientAppAuthenticationHandler>("ClientApp", null);

然后我有以下 NSwag OpenAPI 文档配置：

services.AddOpenApiDocument((settings, provider) =>
            {
                settings.DocumentName = "openapi";
                settings.AddSecurity("ClientApp", Enumerable.Empty<string>(), new OpenApiSecurityScheme
                {
                    Type = OpenApiSecuritySchemeType.ApiKey,
                    Description = "Authentications used for client apps, such as Mmcc.Stats.TpsMonitor",
                    Name = "X-Auth-Token",
                    In = OpenApiSecurityApiKeyLocation.Header
                });

                settings.OperationProcessors.Add(
                    new AspNetCoreOperationSecurityScopeProcessor("ClientApp")
                );
                // ...
            }

我在我的控制器中用[AllowAnonymous]和装饰了动作[Authorize(AuthenticationSchemes = "ClientApp")]，但是 NSwag 将我的所有端点标记为ClientApp在 ReDoc UI 中要求授权，而不考虑装饰器。为什么？

标签： c#asp.net-coreswaggeropenapinswag

我已通过将代码更改为此来修复它：

settings.DocumentProcessors.Add(
                    new SecurityDefinitionAppender("ClientApp",
                        new OpenApiSecurityScheme
                        {
                            Type = OpenApiSecuritySchemeType.ApiKey,
                            Description = "Authentications used for client apps, such as Mmcc.Stats.TpsMonitor",
                            Name = "X-Auth-Token",
                            In = OpenApiSecurityApiKeyLocation.Header
                        }));
                settings.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("ClientApp"));

c# - NSwag 的 AspNetCoreOperationSecurityScopeProcessor 将所有端点标记为需要授权

问题描述

解决方案

推荐阅读