我正在使用Swashbuckle库。目前没有stackoverflow标签。
我不太明白这里的文档:https://github.com/domaindrivendev/Swashbuckle/blob/master/README.md
标题为“#34;描述安全/授权方案"提到一段代码
c.ApiKey("apiKey")
.Description("API Key Authentication")
.Name("apiKey")
.In("header");
然而,当我包括这个没有任何反应。我还希望这只出现在某些API方法上。确实提到了
"需要配合相应的"安全"物业在 文件"
但我不明白这一点。
任何人都可以解释一下吗?
答案 0 :(得分:4)
我有同样的问题并以这种方式解决:
在SwaggerConfig:
var applyApiKeySecurity = new ApplyApiKeySecurity(
key: "ServiceBusToken",
name: "Authorization",
description: "Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
@in: "header"
);
applyApiKeySecurity.Apply(c);
ApplyApiKeySecurity:
public class ApplyApiKeySecurity : IDocumentFilter, IOperationFilter
{
public ApplyApiKeySecurity(string key, string name, string description, string @in)
{
Key = key;
Name = name;
Description = description;
In = @in;
}
public string Description { get; private set; }
public string In { get; private set; }
public string Key { get; private set; }
public string Name { get; private set; }
public void Apply(SwaggerDocument swaggerDoc, SchemaRegistry schemaRegistry, System.Web.Http.Description.IApiExplorer apiExplorer)
{
IList<IDictionary<string, IEnumerable<string>>> security = new List<IDictionary<string, IEnumerable<string>>>();
security.Add(new Dictionary<string, IEnumerable<string>> {
{Key, new string[0]}
});
swaggerDoc.security = security;
}
public void Apply(Operation operation, SchemaRegistry schemaRegistry, System.Web.Http.Description.ApiDescription apiDescription)
{
operation.parameters = operation.parameters ?? new List<Parameter>();
operation.parameters.Add(new Parameter
{
name = Name,
description = Description,
@in = In,
required = true,
type = "string"
});
}
public void Apply(Swashbuckle.Application.SwaggerDocsConfig c)
{
c.ApiKey(Key)
.Name(Name)
.Description(Description)
.In(In);
c.DocumentFilter(() => this);
c.OperationFilter(() => this);
}
}
然后,swagger文件具有安全定义:
"securityDefinitions":{
"ServiceBusToken":{
"type":"apiKey",
"description":"Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
"name":"Authorization",
"in":"header"
}
}
适用于文档级别的所有操作:
"security":[
{
"ServiceBusToken":[]
}
]
并且所有操作都分配了头参数:
"parameters":[
{
"name":"Authorization",
"in":"header",
"description":"Service Bus Token, e.g. 'SharedAccessSignature sr=...&sig=...&se=...&skn=...'",
"required":true,
"type":"string"
}
]
答案 1 :(得分:2)
Swashbuckle维护者建议我们提供自定义index.html来执行此操作,因为他将在下一个主要版本中删除这些配置。请参阅此issue。
提供您自己的“索引”文件
使用 CustomAsset 选项指示Swashbuckle在请求“index”时返回您的版本而不是默认版本。与所有自定义内容一样,该文件必须作为“嵌入式资源”包含在项目中,然后将资源的“逻辑名称”传递给方法,如下所示。有关分步说明,请参阅Injecting Custom Content。
为了兼容性,您应该将自定义“index.html”设置为this version。
httpConfiguration
.EnableSwagger(c => c.SingleApiVersion("v1", "A title for your API"))
.EnableSwaggerUi(c =>
{
c.CustomAsset("index", yourAssembly, "YourWebApiProject.SwaggerExtensions.index.html");
});
在index.html中,您需要将以下方法更改为:
function addApiKeyAuthorization(){
var key = encodeURIComponent($('#input_apiKey')[0].value);
if(key && key.trim() != "") {
var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("sessionId", key, "header");
window.swaggerUi.api.clientAuthorizations.add("sessionId", apiKeyAuth);
log("added key " + key);
}
}
答案 2 :(得分:0)
config.EnableSwagger(c =>
{
c.SingleApiVersion("v1", "TestApiWithToken");
c.ApiKey("Token")
.Description("Filling bearer token here")
.Name("Authorization")
.In("header");
})
.EnableSwaggerUi(c =>
{
c.EnableApiKeySupport("Authorization", "header");
});