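1. Non-global token
With a global setting, every method appears to require token validation, so you cannot tell which methods need a token and which do not, which is confusing.
The chosen approach is to implement the IOperationFilter interface.
The code is as follows: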
using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

namespace ZanLveCore
{
    public class SwaggerOperationFilter : IOperationFilter
    {
        public void Apply(Operation operation, OperationFilterContext context)
        {
            operation.Parameters = operation.Parameters ?? new List<IParameter>();

            // Only actions that carry [Authorize] themselves get the header parameter.
            // GetCustomAttributes (plural) is used because [Authorize] may be applied
            // more than once; the singular form throws in that case.
            var info = context.MethodInfo;
            if (info == null || !info.GetCustomAttributes<AuthorizeAttribute>(true).Any())
            {
                return;
            }

            // A request header is a non-body parameter in Swagger 2.0.
            operation.Parameters.Add(new NonBodyParameter
            {
                Name = "Authorization",
                In = "header",
                Type = "string",
                Description = "access_token",
                Required = true
            });
        }
    }
}
Then just call options.OperationFilter<SwaggerOperationFilter>(); and you are done.
The result is shown in the figure:
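2. Global lock icon for Core 3.1
This only checks for the Authorize attribute on the controller (the code also looks at the action method). If it is present, a lock is added to the operation in the Swagger document; if not, no lock is added.
The code is as follows: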
using Microsoft.AspNetCore.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;
using System.Linq;

namespace Web.Api.Server.Swagger
{
    public class AuthResponsesOperationFilter : IOperationFilter
    {
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            // Collect [Authorize] from the controller and from the action method.
            // [AllowAnonymous] is not considered here.
            var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
                .Union(context.MethodInfo.GetCustomAttributes(true))
                .OfType<AuthorizeAttribute>();

            if (authAttributes.Any())
            {
                operation.Responses.Add("401", new OpenApiResponse { Description = "未經許可的訪問(Unauthorized)" });
                operation.Responses.Add("403", new OpenApiResponse { Description = "禁止訪問(Forbidden)" });

                // Reference to the security scheme registered under the name "Bearer".
                var bearerScheme = new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
                };

                operation.Security = new List<OpenApiSecurityRequirement>
                {
                    new OpenApiSecurityRequirement
                    {
                        [bearerScheme] = new List<string>()
                    }
                };
            }
        }
    }
}
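Usage:
3. Global lock icon for Core 2.1
This only checks for the Authorize attribute on the controller (the code also looks at the action method). If it is present, a lock is added to the operation in the Swagger document; if not, no lock is added.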
using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;
using System.Linq;

namespace ZanLveCore
{
    public class AuthResponsesOperationFilter : IOperationFilter
    {
        public void Apply(Operation operation, OperationFilterContext context)
        {
            // Collect [Authorize] from the controller and from the action method.
            var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
                .Union(context.MethodInfo.GetCustomAttributes(true))
                .OfType<AuthorizeAttribute>();

            if (authAttributes.Any())
            {
                operation.Responses.Add("401", new Response { Description = "未經許可的訪問(Unauthorized)" });
                operation.Responses.Add("403", new Response { Description = "禁止訪問(Forbidden)" });

                // The key must match the name passed to AddSecurityDefinition.
                operation.Security = new List<IDictionary<string, IEnumerable<string>>>
                {
                    new Dictionary<string, IEnumerable<string>>
                    {
                        { "Bearer", Enumerable.Empty<string>() }
                    }
                };
            }
        }
    }
}
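Result:
Note: although the lock icon now appears in the UI, clicking it does nothing. Support for Swagger authentication still has to be added.
The corresponding code is as follows: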
// Add a mandatory global security requirement
/*var security = new Dictionary<string, IEnumerable<string>>
{
    { "ZanLveCore", new string[] { } },
};
options.AddSecurityRequirement(security);*/
options.AddSecurityDefinition("Bearer", new ApiKeyScheme
{
    Description = "JWT授權(數據將在請求頭中進行傳輸) 在下方輸入Bearer {token} 即可,注意兩者之間有空格",
    Name = "Authorization", // default parameter name for JWT
    In = "header",          // default location of the JWT Authorization info (request header)
    Type = "apiKey"
});
// The token scheme is bound in ConfigureServices
It is best to rename Bearer to ZanLveCore (the name of the authorization solution).
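The page shows the security definition only for Core 2.1. The following added example (not the author's code) is a Core 3.1 counterpart for section 2, assuming Swashbuckle.AspNetCore 5.x: the scheme name is shared between the filter and AddSecurityDefinition so the lock responds to clicks, and [AllowAnonymous] endpoints get no lock. The names AuthorizeLockOperationFilter, SwaggerAuthSetup, AddSwaggerWithBearerLock, the "v1" document and the Description text are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

namespace Web.Api.Server.Swagger
{
    // Hypothetical variant of the section 2 filter (401/403 responses omitted for brevity).
    public class AuthorizeLockOperationFilter : IOperationFilter
    {
        // Must equal the name passed to AddSecurityDefinition, or the lock stays inert.
        public const string SchemeId = "Bearer";

        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            var attributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
                .Union(context.MethodInfo.GetCustomAttributes(true))
                .ToList();
            // [AllowAnonymous] on the controller or the action bypasses [Authorize],
            // so documenting a lock there would misstate what the API enforces.
            if (attributes.OfType<AllowAnonymousAttribute>().Any()) return;
            if (!attributes.OfType<AuthorizeAttribute>().Any()) return;

            var scheme = new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = SchemeId }
            };
            operation.Security = new List<OpenApiSecurityRequirement>
            {
                new OpenApiSecurityRequirement { [scheme] = new List<string>() }
            };
        }
    }

    public static class SwaggerAuthSetup // hypothetical helper, called from ConfigureServices
    {
        public static IServiceCollection AddSwaggerWithBearerLock(this IServiceCollection services) =>
            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new OpenApiInfo { Title = "API", Version = "v1" });
                options.AddSecurityDefinition(AuthorizeLockOperationFilter.SchemeId, new OpenApiSecurityScheme
                {
                    Description = "Enter: Bearer {token}", // constructed text
                    Name = "Authorization",
                    In = ParameterLocation.Header,
                    Type = SecuritySchemeType.ApiKey // mirrors the apiKey scheme used above
                });
                options.OperationFilter<AuthorizeLockOperationFilter>();
            });
    }
}
```

The lock only changes the generated document and the Swagger UI; access control is still enforced by the [Authorize] attributes and the authentication middleware.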