admin管理员组

文章数量:1321246

We're using Swagger-UI to generate the OpenAPI docs for our api. Is there any hook that would allow us to abort the request if the user isn't authenticated? It supports filters, but it seems like I can't use it to stop the current request. I can always add a lambda middleware that checks the request's url and sees if user is authenticated or not when the url matches the one used by swagger to generate the json api, but I'm hoping that there's an easier way to do this through configuration.

Thanks.

We're using Swagger-UI to generate the OpenAPI docs for our api. Is there any hook that would allow us to abort the request if the user isn't authenticated? It supports filters, but it seems like I can't use it to stop the current request. I can always add a lambda middleware that checks the request's url and sees if user is authenticated or not when the url matches the one used by swagger to generate the json api, but I'm hoping that there's an easier way to do this through configuration.

Thanks.

  • asp-core
  • openapi
  • swagger-ui
Share Improve this question edited Jan 22 at 19:59 Jeremy Fiel 3,3072 gold badges11 silver badges26 bronze badges asked Jan 22 at 15:35 Luis AbreuLuis Abreu 4,57011 gold badges43 silver badges82 bronze badges 2
  • I suspect you are using Swashbuckle.AspNetCore. If so, middleware is the way to go. They don't implement authentication themselves, as it would just reinvent the wheel. You can easily use AspNetCore authentication middleware in front of it in the app builder and add the method that you want. The authentication options from Swashbuckle that are available are for allowing the UI users to authenticate the endpoints that are documented. Eg. the swagger ui can act as OAuth2 client. – InDieTasten Commented Jan 22 at 15:49
  • Yes, that's my scenario. The web app also hosts a blazor wasm client app. I've tried several options but none of them worked. – Luis Abreu Commented Jan 22 at 16:08
Add a comment  | 

1 Answer 1

Reset to default 0

Next time, must pay more attention when reading the docs. Overall, you just need to call the MapSwager method and then you can add the required restriction:

app.MapSwagger().RequireAuthorization();

本文标签: aspnet coreHow to protect OpenAPI Description URL when using Swagger UIStack Overflow

版权声明:本文标题:asp.net core - How to protect OpenAPI Description URL when using Swagger UI? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742035925a2417292.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。