viv*_*una 8 c# swagger swagger-ui swashbuckle asp.net-core
我正在使用 Swagger 在 Asp.Net Core 应用程序中测试我的 API。我通过输入这样的令牌来发送请求Authorization: Bearer {token}。但授权标头未在请求中发送。
Asp.Net Core 版本 3.1 和 Swashbuckle.AspNetCore 5.4.1
Startup.cs代码:
public class Startup
{
private const string _apiVersion = "v1";
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ClockSkew = TimeSpan.FromMinutes(0),
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["Jwt:Issuer"],
ValidAudience = Configuration["Jwt:Issuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
};
});
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "MyProject API",
Description = "MyProject"
});
options.DocInclusionPredicate((docName, description) => true);
// Define the BearerAuth scheme that's in use
options.AddSecurityDefinition("bearerAuth", new OpenApiSecurityScheme()
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
app.UseAuthentication();
loggerFactory.AddLog4Net();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
// Enable middleware to serve generated Swagger as a JSON endpoint
app.UseSwagger(c => { c.RouteTemplate = "swagger/{documentName}/swagger.json"; });
// Enable middleware to serve swagger-ui assets (HTML, JS, CSS etc.)
app.UseSwaggerUI(options =>
{
// specifying the Swagger JSON endpoint.
options.SwaggerEndpoint($"/swagger/{_apiVersion}/swagger.json", $"MyProject API {_apiVersion}");
//options.IndexStream = () => Assembly.GetExecutingAssembly()
// .GetManifestResourceStream("MyProject.Web.Host.wwwroot.swagger.ui.index.html");
options.DisplayRequestDuration(); // Controls the display of the request duration (in milliseconds) for "Try it out" requests.
}); // URL: /swagger
}
}
配置看起来不错。看来您定义的身份验证名称可能是罪魁祸首。
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "MyProject API",
Description = "MyProject"
});
options.DocInclusionPredicate((docName, description) => true);
// options.AddSecurityDefinition("bearerAuth", new OpenApiSecurityScheme()
// "bearerAuth" -> "oauth2"
options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme()
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
// Add this filter as well.
options.OperationFilter<SecurityRequirementsOperationFilter>();
});
您必须使用定义名称 as ,"oauth2"除非您手动将其传递securitySchemaName到构造函数中。事实上,SecurityRequirementsOperationFilter默认情况下使用标准名称。只需查看 的securitySchemaName默认值即可。
public SecurityRequirementsOperationFilter(bool includeUnauthorizedAndForbiddenResponses = true, string securitySchemaName = "oauth2")
{
Func<IEnumerable<AuthorizeAttribute>, IEnumerable<string>> policySelector = (IEnumerable<AuthorizeAttribute> authAttributes) => authAttributes.Where((Func<AuthorizeAttribute, bool>)((AuthorizeAttribute a) => !string.IsNullOrEmpty(a.Policy))).Select((Func<AuthorizeAttribute, string>)((AuthorizeAttribute a) => a.Policy));
filter = new SecurityRequirementsOperationFilter<AuthorizeAttribute>(policySelector, includeUnauthorizedAndForbiddenResponses, securitySchemaName);
}
它在我的环境中运行良好。请尝试使用此配置,并且不要忘记添加过滤器选项。
| 归档时间: |
|
| 查看次数: |
6653 次 |
| 最近记录: |