We're using Swagger-UI to generate the OpenAPI docs for our api. Is there any hook that would allow us to abort the request if the user isn't authenticated? It supports filters, but it seems like I can't use it to stop the current request. I can always add a lambda middleware that checks the request's url and sees if user is authenticated or not when the url matches the one used by swagger to generate the json api, but I'm hoping that there's an easier way to do this through configuration.

Thanks.

Asked Jan 22 at 15:35 by Luis Abreu; edited Jan 22 at 19:59 by Jeremy Fiel.

Comments:
  • I suspect you are using Swashbuckle.AspNetCore. If so, middleware is the way to go. They don't implement authentication themselves, as it would just reinvent the wheel. You can easily use AspNetCore authentication middleware in front of it in the app builder and add the method that you want. The authentication options from Swashbuckle that are available are for allowing the UI users to authenticate the endpoints that are documented. E.g., the Swagger UI can act as an OAuth2 client. – InDieTasten Commented Jan 22 at 15:49
  • Yes, that's my scenario. The web app also hosts a blazor wasm client app. I've tried several options but none of them worked. – Luis Abreu Commented Jan 22 at 16:08

1 Answer


Next time, must pay more attention when reading the docs. Overall, you just need to call the MapSwagger method and then you can add the required restriction:

app.MapSwagger().RequireAuthorization();
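
The answer's one-liner in the context of a full pipeline, as an added example that is not part of the original answer: a minimal `Program.cs` in which the OpenAPI document is an authorized endpoint. It assumes Swashbuckle.AspNetCore with cookie authentication; the `/login` path, the `DocsReaders` policy name and the `/weather` endpoint are hypothetical.

```csharp
// Program.cs - added example, not the poster's code.
// Assumes: Swashbuckle.AspNetCore package, cookie authentication.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Hypothetical login page; anonymous requests are redirected here.
        options.LoginPath = "/login";
    });

builder.Services.AddAuthorization(options =>
{
    // Hypothetical policy name; tighten with RequireRole/RequireClaim as needed.
    options.AddPolicy("DocsReaders", policy => policy.RequireAuthenticatedUser());
});

var app = builder.Build();

// Authentication must run before authorization so the user is populated.
app.UseAuthentication();
app.UseAuthorization();

// app.UseSwagger() is intentionally not called: it serves the same document
// from plain middleware, which carries no endpoint authorization metadata.
// MapSwagger() registers the document as a routed endpoint, so the
// authorization middleware evaluates the policy before it is served.
app.MapSwagger().RequireAuthorization("DocsReaders");

// The UI shell (HTML/JS) is still served by middleware and is not gated here;
// it fetches the protected document from the path below.
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "v1"));

// Hypothetical API endpoint, protected by the default policy.
app.MapGet("/weather", () => new[] { "sunny" }).RequireAuthorization();

app.Run();
```

To check the result, request `/swagger/v1/swagger.json` without a session cookie and confirm that the response is a redirect to the login path rather than the JSON document.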

Tags: aspnet core. Title: How to protect OpenAPI Description URL when using Swagger UI (Stack Overflow)