【问题标题】:Empty authorization header on requests for Swashbuckle.AspNetCoreSwashbuckle.AspNetCore 请求上的空授权标头
【发布时间】:2018-09-29 05:15:51
【问题描述】:

目前 .net 核心的 swashbuckle 中的授权标头存在问题 每个端点的第一行代码是:

string auth = Request.Headers["Authorization"];

使用 postman 时,一切正常,但是当从 localhost/swagger 发出请求时,标头为空
插入断点时,标头为空值。
请求的主体是完整的,当从端点删除授权时一切正常

在我的 services.AddSwaggerGen 中添加安全定义:

   services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info
            {
                Version = "v1",
                Title = "Employee Navigator",
                Description = "Authorization Key: Z29vZEtleQ==",
            });
            c.AddSecurityDefinition("Bearer", new ApiKeyScheme
            {
                Name = "Authorization",
                In = "header",
                Type = "apiKey",
                Description = "Authorization Key: Z29vZEtleQ=="
            });
            c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
            {
                { "Authorization", new[] { "readAccess", "writeAccess" } }
            });

        });

我已更新以下各项以确保没有遗漏任何内容: 我的 csproj 文件包含:

  <ItemGroup>
<Folder Include="wwwroot\" />
<PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="2.0.1" />
<PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerGen" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerUi" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="1.1.0" />

【问题讨论】:

    标签: asp.net-core http-headers asp.net-core-2.0 asp.net-core-webapi swashbuckle


    【解决方案1】:

    这里的问题是您的安全定义中的名称 ("Bearer") 与添加到您的安全要求中的名称 ("Authorization") 不匹配。对于后台上下文,SwashBuckle 中曾经存在一个错误,这意味着它在没有定义 SecurityRequirement 的情况下强制执行授权,因此许多人发现它突然停止为他们工作。需求定义有点笨拙,会导致类似的问题。

    如果您更改 SecurityRequirement 以匹配下面的代码,它应该可以工作:

     services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info
            {
                Version = "v1",
                Title = "Employee Navigator",
                Description = "Authorization Key: Z29vZEtleQ==",
            });
            c.AddSecurityDefinition("Bearer", new ApiKeyScheme
            {
                Name = "Authorization",
                In = "header",
                Type = "apiKey",
                Description = "Authorization Key: Z29vZEtleQ=="
            });
            c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
            {
                { "Bearer", new[] { "readAccess", "writeAccess" } }
            });
    
        });
    

    【讨论】:

      【解决方案2】:

      首先,你可以像这样使用AddSwaggerGen方法

        services.AddSwaggerGen(c =>
              {
                  c.SwaggerDoc(
                      "v1",
                      new OpenApiInfo
                      {
                          Title = "v1",
                          Description = "My Web - API",
                          Version = "V1.0.0"
                      });
                  // Add security definitions
                  var securityScheme = new OpenApiSecurityScheme()
                  {
                      Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
                      Name = "Authorization",
                      In = ParameterLocation.Header,
                      Type = SecuritySchemeType.Http,
                      BearerFormat = "JWT",
                      Scheme = "bearer"
                  };
                  c.AddSecurityDefinition("Bearer", securityScheme);
                  
                  //And Add security requirements globally.  If needs to be unique per operation then use IOperationFilter. 
                  c.OperationFilter<AuthResponsesOperationFilter>();
              });
      

      例如 AuthResponsesOperationFilter 可以移除 AllowAnonymous 方法上的授权挂锁图标

      AuthResponsesOperationFilter

      public class AuthResponsesOperationFilter : IOperationFilter
      {
          public void Apply(OpenApiOperation operation, OperationFilterContext context)
          {
              var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
                  .Union(context.MethodInfo.GetCustomAttributes(true))
                  .OfType<AuthorizeAttribute>();
      
              if (authAttributes.Any())
              {
                  var securityRequirement = new OpenApiSecurityRequirement()
                  {
                      {
                          // Put here you own security scheme, this one is an example
                          new OpenApiSecurityScheme
                          {
                              Reference = new OpenApiReference
                              {
                                  Type = ReferenceType.SecurityScheme,
                                  Id = "Bearer"
                              },
                              Scheme = "Bearer",
                              Name = "Authorization",
                              In = ParameterLocation.Header,
                              Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
                              Type = SecuritySchemeType.ApiKey,
                              BearerFormat = "JWT"
                          },
                          new List<string>()
                      }
                  };
                  
                  operation.Security = new List<OpenApiSecurityRequirement> { securityRequirement };
                  operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
              }
          }
      }
      

      【讨论】:

        【解决方案3】:

        如果有人遇到此问题,请找到答案:

        我的解决方案可以在这里找到: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/696

        可以在此处找到有关该主题的更多信息: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/603

        【讨论】:

          猜你喜欢
          • 1970-01-01
          • 2014-08-18
          • 1970-01-01
          • 2015-06-30
          • 1970-01-01
          • 1970-01-01
          • 1970-01-01
          • 1970-01-01
          • 2021-12-19
          相关资源
          最近更新 更多