【问题标题】:NSwag's AspNetCoreOperationSecurityScopeProcessor marks all endpoints as requiring AuthorizationNSwag 的 AspNetCoreOperationSecurityScopeProcessor 将所有端点标记为需要授权
【发布时间】:2020-12-03 22:27:52
【问题描述】:

我有这样设置的自定义授权方案:

services.AddAuthentication("ClientApp")
                .AddScheme<ClientAppAuthenticationOptions, ClientAppAuthenticationHandler>("ClientApp", null);

然后我有以下 NSwag OpenAPI 文档配置:

services.AddOpenApiDocument((settings, provider) =>
            {
                settings.DocumentName = "openapi";
                settings.AddSecurity("ClientApp", Enumerable.Empty<string>(), new OpenApiSecurityScheme
                {
                    Type = OpenApiSecuritySchemeType.ApiKey,
                    Description = "Authentications used for client apps, such as Mmcc.Stats.TpsMonitor",
                    Name = "X-Auth-Token",
                    In = OpenApiSecurityApiKeyLocation.Header
                });

                settings.OperationProcessors.Add(
                    new AspNetCoreOperationSecurityScopeProcessor("ClientApp")
                );
                // ...
            }

我在我的控制器中使用[AllowAnonymous][Authorize(AuthenticationSchemes = "ClientApp")] 修饰了动作,但是NSwag 将我的所有端点标记为在ReDoc UI 中要求ClientApp 授权,而不考虑修饰符。为什么?

【问题讨论】:

    标签: c# asp.net-core swagger openapi nswag


    【解决方案1】:

    我已通过将代码更改为以下方式来修复它:

    settings.DocumentProcessors.Add(
                        new SecurityDefinitionAppender("ClientApp",
                            new OpenApiSecurityScheme
                            {
                                Type = OpenApiSecuritySchemeType.ApiKey,
                                Description = "Authentications used for client apps, such as Mmcc.Stats.TpsMonitor",
                                Name = "X-Auth-Token",
                                In = OpenApiSecurityApiKeyLocation.Header
                            }));
                    settings.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("ClientApp"));
    

    【讨论】:

    • 遇到同样的问题,不适用于.AddSecurity,但可以手动将SecurityDefinitionAppender 添加到DocumentProcessors,如上所示
    • 很奇怪,看起来.AddSecurity 只是settings.DocumentProcessors.Add(new SecurityDefinitionAppender(name, globalScopeNames, swaggerSecurityScheme)); 的包装器,但直接使用它时有些东西不起作用。也许我没有以正确的方式使用它,或者我搞砸了。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2019-12-02
    • 2020-06-20
    • 2014-09-05
    • 2020-06-26
    • 1970-01-01
    • 1970-01-01
    • 2015-10-29
    相关资源
    最近更新 更多