C#:Swagger/Swashbuckle - 连接安全方案与 "AND"
C#: Swagger/Swashbuckle - Connect security schemes with "AND"
我有一个 ASP.NET 核心 Api,其中要求对一个操作使用多个身份验证方案。我试图通过在 Swagger UI 中显示所有必需的身份验证方案来记录这些操作。
因此,我使用 Swashbuckle.AspNetCore (5.1.0) 库将 OpenApiSecurityRequirement 动态添加到 IOperationFilter 中的 OpenApiOperation:
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(InternalControllerBasicAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "credentials"
}
},
new [] { "Basic <credentials-value>" }
}
});
}
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(OneTimePasswordAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "one-time-password"
}
},
new [] { "Basic <one-time-password-value>" }
}
});
}
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
此外,我使用 SwaggerGenOptions 来注册所有可能的方案:
var oneTimePasswordScheme = new OpenApiSecurityScheme
{
Name = "one-time-password",
In = ParameterLocation.Header,
Scheme = "one-time-password",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("one-time-password", oneTimePasswordScheme);
var credentialsScheme = new OpenApiSecurityScheme
{
Name = "credentials",
In = ParameterLocation.Header,
Scheme = "credentials",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("credentials", credentialsScheme);
除了 Swagger 在 UI:
中使用 OR 连接器外,一切正常
有没有办法使用 AND 连接器配置 Swagger?
非常感谢任何帮助!
不是为每个 OpenApiSecurityScheme 添加一个 OpenApiSecurityRequirement,而是需要将所有 OpenApiSecurityScheme 个对象放入一个 OpenApiSecurityRequirement.
将安全要求与或联系起来:
var requirements = new List<OpenApiSecurityRequirement>();
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
}
});
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
}
});
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
将安全要求与 AND:
联系起来
var requirement = new OpenApiSecurityRequirement();
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
);
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
);
operation.Security = new List<OpenApiSecurityRequirement> { requirement };
我有一个 ASP.NET 核心 Api,其中要求对一个操作使用多个身份验证方案。我试图通过在 Swagger UI 中显示所有必需的身份验证方案来记录这些操作。
因此,我使用 Swashbuckle.AspNetCore (5.1.0) 库将 OpenApiSecurityRequirement 动态添加到 IOperationFilter 中的 OpenApiOperation:
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(InternalControllerBasicAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "credentials"
}
},
new [] { "Basic <credentials-value>" }
}
});
}
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(OneTimePasswordAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "one-time-password"
}
},
new [] { "Basic <one-time-password-value>" }
}
});
}
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
此外,我使用 SwaggerGenOptions 来注册所有可能的方案:
var oneTimePasswordScheme = new OpenApiSecurityScheme
{
Name = "one-time-password",
In = ParameterLocation.Header,
Scheme = "one-time-password",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("one-time-password", oneTimePasswordScheme);
var credentialsScheme = new OpenApiSecurityScheme
{
Name = "credentials",
In = ParameterLocation.Header,
Scheme = "credentials",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("credentials", credentialsScheme);
除了 Swagger 在 UI:
中使用OR 连接器外,一切正常
有没有办法使用 AND 连接器配置 Swagger?
非常感谢任何帮助!
不是为每个 OpenApiSecurityScheme 添加一个 OpenApiSecurityRequirement,而是需要将所有 OpenApiSecurityScheme 个对象放入一个 OpenApiSecurityRequirement.
将安全要求与或联系起来:
var requirements = new List<OpenApiSecurityRequirement>();
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
}
});
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
}
});
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
将安全要求与 AND:
联系起来var requirement = new OpenApiSecurityRequirement();
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
);
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
);
operation.Security = new List<OpenApiSecurityRequirement> { requirement };