stackoom
  简体   繁体   中英

Add Authentication to /swagger/ui/index page - Swagger | Web API | Swashbuckle

 原文  2016-12-23 05:52:21       c#/ authentication/ asp.net-web-api/ swagger-ui/ swashbuckle

Question

I'm working on a Swagger (Web API) project.
When I first run the application it shows the Login page for Swagger UI.
So, a user first has to login to access Swagger UI Page, However, if user directly enters " http://example.com/swagger/ui/index " then he's able to access the Swagger UI page.

afaik the swagger-ui is served by the swashbuckle assembly. The source is not available in my project.

How can I make the user redirect to login page if he's not logged in to Swagger UI page?

3 answers

solution1
 10 ACCPTED  2016-12-27 07:04:52

Finally, I solved it with DelegtingHandler , here's how I did it:
Create a file SwaggerAccessMessageHandler.cs and add it in App_Start folder. 

using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
public class SwaggerAccessMessageHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (IsSwagger(request) && !Thread.CurrentPrincipal.Identity.IsAuthenticated)
        {
            HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Redirect);
            // Redirect to login URL
            string uri = string.Format("{0}://{1}", request.RequestUri.Scheme, request.RequestUri.Authority);    
            response.Headers.Location = new Uri(uri);
            return Task.FromResult(response);
        }
        else
        {
            return base.SendAsync(request, cancellationToken);
        }
    }

    private bool IsSwagger(HttpRequestMessage request)
    {
        return request.RequestUri.PathAndQuery.Contains("/swagger");
    }
}

Next, Wire up the handler in SwaggeConfig.cs just before enabling Swagger as follows: 

GlobalConfiguration.Configuration.MessageHandlers.Add(new SwaggerAccessMessageHandler());

GlobalConfiguration.Configuration.EnableSwagger(c =>
{
    ...
});

solution2
 5  2016-12-23 06:30:27

You can take a look this link which describes how to lock down the Swagger UI so that only authenticated users can see it

http://knowyourtoolset.com/2015/09/secure-web-apis-with-swagger-swashbuckle-and-oauth2-part-4/

solution3
 0  2019-05-11 11:07:34

spring-security login page

in my case, that is not swagger page but spring-security login page. boot version 2.X includes security auto configuration, so if you add spring-security plugin in build.gradle, remove and restart.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Add default values for swashbuckle/swagger on a Web API controller action Bearer authentication in Swagger UI, when migrating to Swashbuckle.AspNetCore version 5 Authentication with Google in Web API and Swagger Can I specify that Web-Api method expects a file in Swashbuckle/Swagger generated page/json Rename model in Swashbuckle 6 (Swagger) with ASP.NET Core Web API Swagger / Swashbuckle not working on Visual Studio 2013 Web API 2 project What is the default Swagger UI URL in Swashbuckle? Unable to Load swagger API page, missing swagger-ui.css Swashbuckle Swagger asking for api-version? Add summary or vendorextensions to Paths in swagger using swashbuckle
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM