NET Core 3.0的JWT身份验证和Swagger
Meh*_*aki 1 swagger swashbuckle asp.net-core-webapi .net-core-3.0
我正在使用.Net core 3.0开发一些Web Api,并希望将其与SwashBuckle.Swagger集成。它工作正常,但是当我添加JWT身份验证时,它无法按我预期的那样工作。为此,我添加了以下代码:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo { Title = "My Web API", Version = "v1" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
});
添加AddSecurityDefinition功能后,我可以看到“授权”按钮,当我单击它时,会看到以下表单:
然后输入Bearer WhatEverApiKeyIsfgdgdgdg845734987fgdhgiher635kjh,完成后authorization: Bearer WhatEverApiKeyIsfgdgdgdg845734987fgdhgiher635kjh,当我从Swagger向Web Api发送请求时,我希望在请求的标头中看到该内容。但是授权未添加到请求标头中。我正在使用SwashBuckle.Swagger(5.0.0-rc3)。请注意,有许多示例可以在.net core 2.0上正常运行,但是Swashbuckle摇摇欲坠的功能在最新版本上已更改,因此我无法使用该示例。
Ame*_*eya 22
如果您使用的是 Swagger 3.0,那么它内置了对 JWT 身份验证的支持。
您需要在 OpenApiSecurityScheme 中使用 ParameterLocation.Header、SecuritySchemeType.Http、bearer 和 JWT,如下所示。
在此之后,您不需要以 Bearer {token} 格式指定令牌。仅指定令牌,安全方案将自动将其应用到标头中。
// Bearer token authentication
OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
{
Name = "Bearer",
BearerFormat = "JWT",
Scheme = "bearer",
Description = "Specify the authorization token.",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
};
c.AddSecurityDefinition("jwt_auth", securityDefinition);
// Make sure swagger UI requires a Bearer token specified
OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
{
Reference = new OpenApiReference()
{
Id = "jwt_auth",
Type = ReferenceType.SecurityScheme
}
};
OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
{
{securityScheme, new string[] { }},
};
c.AddSecurityRequirement(securityRequirements);
- 谢谢你!在许多对我不起作用的帖子之后,这个方法做到了! (2认同)
Meh*_*aki 12
经过研究,我终于在这里找到了答案
在看到此页面之前,我知道我会因为许多示例而使用AddSecurityRequirementafter AddSecurityDefinition,但是在.NET Core 3.0上功能参数已更改是一个问题。
顺便说一句,最终答案如下:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo {
Title = "My API",
Version = "v1"
});
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme {
In = ParameterLocation.Header,
Description = "Please insert JWT with Bearer into field",
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement {
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] { }
}
});
});
- 这有效..提示:不要忘记在实际令牌之前写上“Bearer”。而且有点烦人的是,无论您在文本框中写什么,招摇总是说已授权...谢谢! (13认同)
- 这里提供的代码不需要在令牌之前输入 Bearer:https://www.thecodebuzz.com/jwt-authorization-token-swagger-open-api-asp-net-core-3-0/ (3认同)
- 谁拯救了生命,谁就拯救了世界。你救了我的命;-) 谢谢 (2认同)
Pau*_*lor 10
这是针对 Swashbuckle.AspNetCore 5.3.2 更新的解决方案,它与 IdentityServer4 集成,并带有使用 Bearer 令牌保护的 API。
在ConfigureServices()方法中:
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "My API", Version = "v1" });
options.AddSecurityDefinition("Bearer", SecuritySchemes.BearerScheme(Configuration));
options.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{ SecuritySchemes.OAuthScheme, new List<string>() }
});
});
在Configure()方法中:
app.UseSwaggerUI(options =>
{
options.SwaggerEndpoint("/My.Api/swagger/v1/swagger.json", "My API V1");
options.OAuthClientId(Clients.TestClient);
options.OAuthAppName("My Api - Swagger");
options.OAuthClientSecret(Configuration["TestClientSecret"]);
});
internal static class SecuritySchemes
{
public static OpenApiSecurityScheme BearerScheme(IConfiguration config) => new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Description = "Standard authorisation using the Bearer scheme. Example: \"bearer {token}\"",
In = ParameterLocation.Header,
Name = "Authorization",
Scheme = "Bearer",
OpenIdConnectUrl = new System.Uri($"{config["TokenServerUrl"]}.well-known/openid-configuration"),
BearerFormat = "JWT",
Flows = new OpenApiOAuthFlows
{
Password = new OpenApiOAuthFlow
{
AuthorizationUrl = new System.Uri($"{config["TokenServerUrl"]}connect/authorize"),
Scopes = new Dictionary<string, string>
{
{ Scopes.Api, "My Api" }
},
TokenUrl = new System.Uri($"{config["TokenServerUrl"]}connect/token")
}
}
};
public static OpenApiSecurityScheme OAuthScheme => new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
},
Scheme = "oauth2",
Name = "Bearer",
In = ParameterLocation.Header,
};
}
- 好的,这是唯一对我有用的例子。我不敢相信他们让这件事变得多么困难。 (3认同)
div*_*ver 10
在接受的答案中,需要在实际令牌之前写入“Bearer”。可以跳过键入“ Bearer ”的类似方法如下:
c.SwaggerDoc("v1", new OpenApiInfo { Title = "Example API", Version = "v1" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.Http,
BearerFormat = "JWT",
In = ParameterLocation.Header,
Scheme = "bearer",
Description = "Please insert JWT token into field"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] { }
}
});
在这里,只需粘贴 JWT 令牌即可使其工作。
| 归档时间: |
|
| 查看次数: |
1815 次 |
| 最近记录: |