
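Swashbuckle.AspNetCore: Authorization header of the request is null

Stack Overflow user
Asked 2018-04-19 04:33:34
3 answers, 1.5K views, 0 followers, 0 votes

Currently there is an issue with the Authorization header in Swashbuckle for .NET Core. The first line of code on every endpoint is:

```csharp
string auth = Request.Headers["Authorization"];
```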

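When using Postman everything works fine, but when the request is made from localhost/swagger the header is empty.

When I insert a breakpoint, the header is null.

When authorization is removed from the endpoint, the body of the request is correct and everything works.

In my services.AddSwaggerGen I added the security definition: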

```csharp
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new Info
    {
        Version = "v1",
        Title = "Employee Navigator",
        Description = "Authorization Key: Z29vZEtleQ==",
    });
    c.AddSecurityDefinition("Bearer", new ApiKeyScheme
    {
        Name = "Authorization",
        In = "header",
        Type = "apiKey",
        Description = "Authorization Key: Z29vZEtleQ=="
    });
    c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
    {
        { "Authorization", new[] { "readAccess", "writeAccess" } }
    });
});
```

I have updated each of the following to make sure I am not missing anything. My csproj file contains:

```xml
<ItemGroup>
  <Folder Include="wwwroot\" />
  <PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="2.0.1" />
  <PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="2.4.0" />
  <PackageReference Include="Swashbuckle.AspNetCore.SwaggerGen" Version="2.4.0" />
  <PackageReference Include="Swashbuckle.AspNetCore.SwaggerUi" Version="2.4.0" />
  <PackageReference Include="Swashbuckle.AspNetCore" Version="1.1.0" />
</ItemGroup>
```

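3 Answers

Stack Overflow user

Answered 2019-04-28 15:44:13

The problem here is that the name in the security definition ("Bearer") does not match the name added to the security requirement ("Authorization"). For background context, there used to be a bug in Swashbuckle which meant it enforced authorization without a SecurityRequirement being defined, to the point that it suddenly stopped working for people. The requirement definition is a bit clunky and leads to problems like this one.

If you change the SecurityRequirement to match the code below, it should work: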

```csharp
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new Info
    {
        Version = "v1",
        Title = "Employee Navigator",
        Description = "Authorization Key: Z29vZEtleQ==",
    });
    c.AddSecurityDefinition("Bearer", new ApiKeyScheme
    {
        Name = "Authorization",
        In = "header",
        Type = "apiKey",
        Description = "Authorization Key: Z29vZEtleQ=="
    });
    c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
    {
        // The key must match the name passed to AddSecurityDefinition above.
        { "Bearer", new[] { "readAccess", "writeAccess" } }
    });
});
```

Votes: 0
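The mismatch described in this answer is visible in the generated swagger.json as a security requirement whose key is not among the defined schemes. The following Node.js check is an added example, not code from the original posts or from Swashbuckle; it also covers per-operation requirements and the OpenAPI 3 layout, and the sample documents and the `/employees` path are constructed for illustration.

```javascript
// Added example: lint a generated Swagger/OpenAPI document for security
// requirements that name a scheme the document never defines.
const HTTP_METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

function definedSchemes(doc) {
  // Swagger 2.0 uses securityDefinitions; OpenAPI 3 uses components.securitySchemes.
  const v2 = doc.securityDefinitions || {};
  const v3 = (doc.components && doc.components.securitySchemes) || {};
  return new Set([...Object.keys(v2), ...Object.keys(v3)]);
}

function findDanglingRequirements(doc) {
  const defined = definedSchemes(doc);
  const findings = [];
  const check = (requirements, where) => {
    for (const requirement of requirements || []) {
      for (const name of Object.keys(requirement)) {
        if (!defined.has(name)) findings.push({ where, name });
      }
    }
  };
  check(doc.security, "global");
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      if (item[method]) check(item[method].security, `${method.toUpperCase()} ${path}`);
    }
  }
  return findings;
}

// Constructed documents mirroring the question's setup and this answer's fix.
const scheme = { type: "apiKey", name: "Authorization", in: "header" };
const asInQuestion = {
  swagger: "2.0",
  securityDefinitions: { Bearer: scheme },
  security: [{ Authorization: ["readAccess", "writeAccess"] }],
  paths: { "/employees": { get: { responses: { 200: { description: "OK" } } } } },
};
const asInAnswer = { ...asInQuestion, security: [{ Bearer: ["readAccess", "writeAccess"] }] };

console.log(findDanglingRequirements(asInQuestion)); // one finding: "Authorization"
console.log(findDanglingRequirements(asInAnswer));   // no findings
```

Running a check like this against the served document in CI catches a requirement that points at a scheme name nobody defined before the API documentation ships.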

Stack Overflow user

Answered 2021-05-26 03:33:01

First, you can use the AddSwaggerGen method like this:

```csharp
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc(
        "v1",
        new OpenApiInfo
        {
            Title = "v1",
            Description = "My Web - API",
            Version = "V1.0.0"
        });

    // Add security definitions.
    var securityScheme = new OpenApiSecurityScheme()
    {
        Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.Http,
        BearerFormat = "JWT",
        Scheme = "bearer"
    };
    c.AddSecurityDefinition("Bearer", securityScheme);

    // And add security requirements globally. If they need to be unique per operation, use an IOperationFilter.
    c.OperationFilter<AuthResponsesOperationFilter>();
});
```

For example, the authorization padlock icon on AllowAnonymous methods can be removed with AuthResponsesOperationFilter.

AuthResponsesOperationFilter

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

public class AuthResponsesOperationFilter : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        // Collect attributes from both the controller and the action method.
        var attributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
            .Union(context.MethodInfo.GetCustomAttributes(true))
            .ToList();

        // [AllowAnonymous] overrides [Authorize], so such actions get no padlock.
        if (attributes.OfType<AllowAnonymousAttribute>().Any())
        {
            return;
        }

        if (attributes.OfType<AuthorizeAttribute>().Any())
        {
            var securityRequirement = new OpenApiSecurityRequirement()
            {
                {
                    // Put your own security scheme here; this one is an example.
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "Bearer"
                        },
                        Scheme = "Bearer",
                        Name = "Authorization",
                        In = ParameterLocation.Header,
                        Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
                        Type = SecuritySchemeType.ApiKey,
                        BearerFormat = "JWT"
                    },
                    new List<string>()
                }
            };

            operation.Security = new List<OpenApiSecurityRequirement> { securityRequirement };
            operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
        }
    }
}
```

Votes: 0

Stack Overflow user

Answered 2018-04-19 22:45:27

Found the answer to this question, in case anyone else runs into it:

My solution can be found here: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/696

More information on the topic can be found here: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/603

Votes: -1
Original page content provided by Stack Overflow; translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://stackoverflow.com/questions/49908577
