我有一些HTTP POST端点,需要将AntiForgery令牌作为名为RequestVerificationToken的标头附加。
如何将名为“ AFT令牌”的字段添加到SwaggerUI上的每个HTTP POST请求中,以使用其在名为RequestVerificationToken的标头中的值?
是否可以使用C#代码进行编辑,或者我必须编辑一些Swagger配置?
样本端点:
[HttpPost]
[ValidateAntiForgeryToken]
[Route("[controller]/[action]")]
public async Task<IActionResult> Test([FromBody]Type data)
答案 0 :(得分:0)
您可以在自定义中间件中自定义请求。
例如:
$("#grid").jqGrid({
url:"<%=url%>ObjectController?module="+module+"&levelId="+levelId+"&subLevelId="+subLevelId+"&subSubLevelId="+subSubLevelId+"&docRefNo="+docRefNo+"&divisionId="+divisionId+"&deptId="+deptId+"&viewDocStatus="+viewDocStatus+"&docStatus="+docStatus+"&queryString="+queryString+"&qString="+qString+"&V="+plantId+"&searchString="+searchString,
datatype: "json",
rowNum:10,
rowList : PAGINATIONPAGESIZES,
paging: true,
autowidth: true,
altRows:false,
rownumbers: true,
multiselect: true,
shrinkToFit: false,
viewrecords: true,
loadonce:true,
ignoreCase:true,
multiboxonly: false,
loadComplete : function () {
jQuery("#grid").setGridParam({rowNum:10}).trigger("reloadGrid");
},
beforeSelectRow: handleMultiSelect,
<% if(workFlowCreatorRoleList != null
&& workFlowCreatorRoleList.size() >0
&& workFlowCreatorRoleList.contains(Integer.valueOf(roleId))
|| (session.getAttribute("employeeRoleId")!=null
&& session.getAttribute("employeeRoleId").toString().equalsIgnoreCase(com.sobis.ims.util.ApplicationConstants.GLOBAL_ADMIN_ROLE))) { %>
colNames: ["","docId","","I","","","R","Document No","Title","Issue No","Rev No","Issue Effective Date","","","",""],
<% } else { %>
colNames: ["","docId","","Document No","Title","Issue No","Rev No","Issue Effective Date","","","",""],
<% } %>
colModel: [{
name: 'viewURL',
search:true,
hidden:true,
width:0,
fontsize:'5px',
resizable: true,
title :false,
classes:"grid-col",
},{
但是我不会这样做,因为它允许在开发以外的其他环境中访问。
我要做的是休假。
1。只允许在开发中大摇大摆。 2.仅在非开发中使用AutoValidateAntiforgery。
或者像上面的示例一样创建自定义中间件,并将其仅放在开发环境中。
已通读https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.2
希望这会有所帮助。