C# 使用OpenAPI操作筛选器向需要身份验证的控制器端点添加安全要求
标签:c#, asp.net-core, .net-core, openapi
我试图通过向需要身份验证的端点添加安全要求来改进我的项目的 OpenAPI 定义。如果端点是具有
[Authorize]
装饰器的类的方法,并且缺少[AllowAnonymous]
装饰器,则需要进行身份验证
我正试图使用IOperationFilter
来添加基于此的安全要求,但我在使用过滤器描述符(FilterDescriptors)时遇到了困难——我找不到任何说明它们如何工作的文档
这是我基于另一个StackOverflow线程的当前筛选器:
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
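namespace OpenData.Filters {
    /// <summary>
    /// Swashbuckle operation filter that marks actions requiring authorization in the
    /// generated OpenAPI document: it adds 401/403 responses and a "Bearer" security
    /// requirement to every operation that requires authorization and does not allow
    /// anonymous access.
    /// </summary>
    /// <remarks>
    /// This filter only describes the API. It enforces nothing: access control still
    /// comes from the authorization attributes/filters and the authorization middleware.
    /// An operation that is wrongly left without a security requirement is still
    /// protected at runtime, and one that is wrongly given a requirement is still open.
    /// </remarks>
    public class AddAuthHeaderOperationFilter : IOperationFilter
    {
        // Not read by Apply; kept so the constructor signature (and any existing
        // dependency-injection registration) stays unchanged.
        private readonly IHttpContextAccessor httpContextAccessor;

        /// <summary>Creates the filter.</summary>
        /// <param name="httpContextAccessor">Accessor supplied by the container; stored but currently unused.</param>
        public AddAuthHeaderOperationFilter(IHttpContextAccessor httpContextAccessor)
        {
            this.httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Adds 401/403 responses and the "Bearer" security requirement to
        /// <paramref name="operation"/> when the action requires authorization.
        /// </summary>
        /// <param name="operation">The OpenAPI operation being generated; mutated in place.</param>
        /// <param name="context">Swashbuckle context describing the action behind the operation.</param>
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            var actionDescriptor = context.ApiDescription.ActionDescriptor;
            var filters = actionDescriptor.FilterDescriptors
                .Select(descriptor => descriptor.Filter)
                .ToList();

            // NOTE(review): under endpoint routing (the ASP.NET Core 3.x default),
            // [Authorize] / [AllowAnonymous] are typically exposed as endpoint metadata
            // rather than as AuthorizeFilter / IAllowAnonymousFilter instances, so both
            // sources are checked. Confirm against the application's routing setup.
            var endpointMetadata = actionDescriptor.EndpointMetadata ?? Array.Empty<object>();

            var requiresAuthorization =
                filters.Any(filter => filter is AuthorizeFilter) ||
                endpointMetadata.Any(item => item is Microsoft.AspNetCore.Authorization.IAuthorizeData);

            var allowsAnonymous =
                filters.Any(filter => filter is IAllowAnonymousFilter) ||
                endpointMetadata.Any(item => item is Microsoft.AspNetCore.Authorization.IAllowAnonymous);

            // The original condition had the "requires authorization" half commented out,
            // which documented every non-anonymous action as protected, including actions
            // with no authorization at all. Both halves are checked here.
            // NOTE(review): authorization applied elsewhere (a fallback policy, or
            // RequireAuthorization() on the endpoint builder) may not be visible in
            // these two collections. Verify the generated document against the real policy.
            if (!requiresAuthorization || allowsAnonymous)
            {
                return;
            }

            // Responses is a dictionary: Add() throws if the action already declares
            // the status code (for example through a response-type attribute).
            if (!operation.Responses.ContainsKey("401"))
            {
                operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
            }

            if (!operation.Responses.ContainsKey("403"))
            {
                operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
            }

            // Add JWT bearer type. The reference Id is expected to match the name of a
            // security definition registered in the Swagger generator options. TODO confirm.
            var bearerScheme = new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference
                {
                    Type = ReferenceType.SecurityScheme,
                    Id = "Bearer"
                },
                Scheme = "Bearer",
                Name = "Bearer",
                In = ParameterLocation.Header,
            };

            operation.Security.Add(new OpenApiSecurityRequirement
            {
                { bearerScheme, new List<string>() }
            });
        }
    }
}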
研究这一点一直是一件痛苦的事情,在网络上似乎没有任何关于这个API的容易获得的文档,我也没有找到任何关于这个版本的dotnetcore/swagger的例子
我的版本:
- .netcore 3.1
- Swashbuckle.AspNetCore 5.0.0
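/// <summary>
/// Adds 401/403 responses to operations whose controller or action carries
/// <c>[Authorize]</c> and neither carries <c>[AllowAnonymous]</c>.
/// </summary>
/// <remarks>
/// This only affects the generated OpenAPI document; it does not enforce access control.
/// </remarks>
/// <param name="operation">The OpenAPI operation being generated; mutated in place.</param>
/// <param name="context">Swashbuckle context exposing the action's <c>MethodInfo</c>.</param>
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
    var actionMethod = context.MethodInfo;

    // ReflectedType is the type the method was looked up on. When the action is
    // inherited from a base controller it can differ from DeclaringType, and an
    // [Authorize] placed on the derived controller would otherwise be missed.
    var controllerType = actionMethod.ReflectedType ?? actionMethod.DeclaringType;

    // Collect class-level and method-level attributes once, then query the list twice.
    var attributes = controllerType.GetCustomAttributes(true)
        .Union(actionMethod.GetCustomAttributes(true))
        .ToList();

    var requiresAuthorization = attributes.OfType<AuthorizeAttribute>().Any();
    var allowsAnonymous = attributes.OfType<AllowAnonymousAttribute>().Any();

    // NOTE(review): authorization configured without attributes (global filters,
    // fallback policy, endpoint conventions) is not detected by this reflection check.
    if (requiresAuthorization && !allowsAnonymous)
    {
        // Responses is a dictionary: Add() throws if the status code is already declared.
        if (!operation.Responses.ContainsKey("401"))
        {
            operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
        }

        if (!operation.Responses.ContainsKey("403"))
        {
            operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
        }
    }
    //...
}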
public void Apply(OpenApiOperation操作,OperationFilterContext上下文)
{
var authtattributes=context.MethodInfo.DeclaringType.GetCustomAttributes(true)
.Union(context.MethodInfo.GetCustomAttributes(true))
.字体
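/// <summary>
/// Documents 401 and 403 responses on operations that are decorated (at class or
/// method level) with <c>[Authorize]</c> and not with <c>[AllowAnonymous]</c>.
/// </summary>
/// <remarks>
/// Descriptive only: the OpenAPI document does not protect the endpoint.
/// </remarks>
/// <param name="operation">The OpenAPI operation being generated; mutated in place.</param>
/// <param name="context">Swashbuckle context exposing the action's <c>MethodInfo</c>.</param>
public void Apply(OpenApiOperation operation, OperationFilterContext context)
{
    var method = context.MethodInfo;

    // Prefer the type the method was resolved on over the type that declares it, so
    // attributes on a derived controller are seen for inherited actions.
    var ownerType = method.ReflectedType ?? method.DeclaringType;

    var combined = ownerType.GetCustomAttributes(true)
        .Union(method.GetCustomAttributes(true))
        .ToList();

    var hasAuthorize = combined.OfType<AuthorizeAttribute>().Any();
    var hasAllowAnonymous = combined.OfType<AllowAnonymousAttribute>().Any();

    // NOTE(review): only attribute-based authorization is visible here; policies
    // applied through global filters or endpoint conventions are not. Verify.
    if (hasAuthorize && !hasAllowAnonymous)
    {
        // Guard each key: Dictionary.Add() throws when the status code already exists.
        if (!operation.Responses.ContainsKey("401"))
        {
            operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
        }

        if (!operation.Responses.ContainsKey("403"))
        {
            operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
        }
    }
    //...
}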