Asp.net core Web API for SPA - 如何实现 Swagger 身份验证,而无需在 Web API 外部获取访问令牌并传递它?
Kar*_*mar 5 c# swagger-ui asp.net-core asp.net-core-webapi
我们正在使用 React 和 ASP.Net core Web API 构建 SPA。
React 会将 Auth_Token 传递给 ASP.Net core Web API 进行身份验证,这是可行的。
front-end application由于应用程序注册是与 一起完成的Scope & Roles,我不确定如何在 ASP.Net core Web API 中实现 Swagger 的身份验证。
目前我有以下swagger配置
private void AddSwagger(IServiceCollection services)
{
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "Track Management API",
});
var xmlCommentsFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlCommentsFullPath = Path.Combine(AppContext.BaseDirectory, xmlCommentsFile);
c.IncludeXmlComments(xmlCommentsFullPath);
var jwtSecurityScheme = new OpenApiSecurityScheme
{
Scheme = "bearer",
BearerFormat = "JWT",
Name = "JWT Authentication",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Description = "Put **_ONLY_** your JWT Bearer token on textbox below!",
Reference = new OpenApiReference
{
Id = JwtBearerDefaults.AuthenticationScheme,
Type = ReferenceType.SecurityScheme
}
};
c.AddSecurityDefinition(jwtSecurityScheme.Reference.Id, jwtSecurityScheme);
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{ jwtSecurityScheme, Array.Empty<string>() }
});
});
}
目前,我们必须在 ASP.Net core Web API 外部获取 Auth_Token 并将其传递给它。
开发者能否直接从Swagger页面生成所需的Auth_Token来简化这个过程?
更新:下面的 Swagger 配置尝试获取所需的 auth_code 但it uses the Web API URL as the redirection URL失败。我想要的是它应该使用前端 URL 作为重定向 URL 来生成 auth_code 但将其传递给 Web API?
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Description = "OAuth2.0 Auth Code with PKCE",
Name = "oauth2",
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
AuthorizationCode = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri($"https://login.microsoftonline.com/{this.Configuration.GetValue<string>("AzureAd:TenantId")}/oauth2/authorize"),
TokenUrl = new Uri($"https://login.microsoftonline.com/{this.Configuration.GetValue<string>("AzureAd:TenantId")}/v2.0/token"),
Scopes = new Dictionary<string, string>
{
{ this.Configuration.GetValue<string>("AzureAd:ApiScope"), "Allows Read and Write" }
}
}
}
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
},
new[] { this.Configuration.GetValue<string>("AzureAd:ApiScope") }
}
});
我看到的另一个选项是在较低环境的应用程序注册中添加 Web API URL 作为重定向 URL。
这与 Azure AD B2C 结合使用对我有用:
config.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Scheme = "oauth2",
OpenIdConnectUrl = new Uri(builder.Configuration["AzureAd:Authority"]),
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri(builder.Configuration["AzureAd:Authority"], UriKind.Absolute),
Scopes = new Dictionary<string, string>
{
{ builder.Configuration["AzureAd:Scopes"], "Access web API" },
}
}
}
});
config.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
},
new[] { builder.Configuration["AzureAd:Scopes"] }
}
});
| 归档时间: |
|
| 查看次数: |
1486 次 |
| 最近记录: |