
Swagger-Net supporting API Key authentication

We are using token authentication in our WebAPI application. Every call (other than the method which obtains the key) uses the same pattern.

Authorization: our-token v01544b7dce-95c1-4406-ad4d-b29202d0776c

We implemented authentication using an Attribute and an IActionFilter.

Controllers look like so:

    [RoutePrefix("api/tms/auth")]
    public class AuthController : BaseController
    {
        public ISecurityService SecurityService { get; set; }

        [TokenAuth]
        [Route("logout")]
        [HttpPost]
        public HttpResponseMessage Logout()
        {
            try
            {
                this.SecurityService.InvalidateAccessToken(this.StaticContextWrapperService.AccountId, token, HttpContext.Current.Request.UserHostAddress);

                // Return OK status
                return new HttpResponseMessage(HttpStatusCode.OK);
            }
            catch (LoginException le)
            {
                return this.LogoutFailureResponse(le.Message);
            }
        }


        private HttpResponseMessage LogoutFailureResponse(string message)
        {
            return new HttpResponseMessage(HttpStatusCode.BadRequest)
            {
                Content = new StringContent(message, Encoding.UTF8, "text/plain")
            };
        }
    }

The Swagger config has the following:

c.ApiKey("our-token", "header", "Our Token Authentication");

Swagger UI is showing an "Authorize" button and I can paste the token into the field on the popup. However, no headers are passed in any tests, and no methods have a "lock" icon on them.

EDIT:

I also tried:

c.ApiKey("our-token", "header", "Our Token Authentication", typeof(TokenAuthAttribute));

Where the attribute is just an attribute:

    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
    public class TokenAuthAttribute : Attribute
    {
    }

Then we use an IActionFilter to check if the attribute is applied to the method, and that's where we check for permission. This is done to use the service via DI.

EDIT2:

I made a change to how the attribute is declared:

    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
    public class TokenAuthAttribute : AuthorizeAttribute
    {
    }

After that, Swagger UI started to show all methods as secured, so it does analyze that it's in fact an AuthorizeAttribute, not just an Attribute.

After that it started to put the header like so: our-token: ZGV2OnYwMTA2YjZmYjdhLWRlNTUtNDZlNC1hN2Q4LTYxMjgwNTg2M2FiZQ==

Where it should be: Authorization: our-token GV2OnYwMTA2YjZmYjdhLWRlNTUtNDZlNC1hN2Q4LTYxMjgwNTg2M2FiZQ==

If I'm not mistaken, you should have:

c.ApiKey("our-token", "header", "Our Token Authentication", typeof(TokenAuthAttribute));

With that in place, all the actions tagged with TokenAuth should show a lock icon.


You can see it in action in one of mine:
https://turoapi.azurewebsites.net/swagger/ui/index

And the code behind that is here:
https://github.com/heldersepu/TuroApi/blob/master/TuroApi/App_Start/SwaggerConfig.cs#L67
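
The two header shapes from EDIT2, run through a strict server-side check, as an added example that is not part of the original question or answer. `OurTokenHeader` and `TryGetToken` are hypothetical names, and the token value is constructed.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;

// Hypothetical helper: the kind of check an IActionFilter could call for [TokenAuth] actions.
public static class OurTokenHeader
{
    public const string Scheme = "our-token";

    // Succeeds only for "Authorization: our-token <token>"; any other shape is rejected.
    public static bool TryGetToken(HttpRequestMessage request, out string token)
    {
        token = null;
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth == null) return false;                       // no Authorization header at all
        if (!string.Equals(auth.Scheme, Scheme, StringComparison.OrdinalIgnoreCase))
            return false;                                     // Basic, Bearer, etc.
        if (string.IsNullOrWhiteSpace(auth.Parameter)) return false; // scheme without a value
        token = auth.Parameter.Trim();
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        const string sample = "constructed-sample-token";     // constructed value, not a real token
        const string url = "http://localhost/api/tms/auth/logout";

        // Shape the API expects: Authorization: our-token <token>
        var expected = new HttpRequestMessage(HttpMethod.Post, url);
        expected.Headers.Authorization = new AuthenticationHeaderValue(OurTokenHeader.Scheme, sample);

        // Shape Swagger UI produced after EDIT2: our-token: <token>
        var fromSwagger = new HttpRequestMessage(HttpMethod.Post, url);
        fromSwagger.Headers.TryAddWithoutValidation("our-token", sample);

        string token;
        Console.WriteLine("expected shape accepted:   " + OurTokenHeader.TryGetToken(expected, out token));
        Console.WriteLine("swagger UI shape accepted: " + OurTokenHeader.TryGetToken(fromSwagger, out token));
    }
}
```

In Swagger 2.0 the name of an apiKey definition is the header name itself, which is why registering it as `our-token` produces an `our-token:` header. Registering the key under the name `Authorization` and pasting `our-token <token>` as the value is one way to get the expected shape; that is an assumption about this setup and is not taken from the posts above.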

