问题描述
我想使用 Swashbuckle (swagger for .net) 对 WebAPI 项目进行基于 API 密钥的身份验证.
我已将 swashbuckle 配置如下:
配置.EnableSwagger(c =>{c.ApiKey("apiKey").Description("API 密钥认证").Name("X-ApiKey").In("标题");c.SingleApiVersion("v1", "我的 API");}).EnableSwaggerUi();(参见 https://github.com/domaindrivendev/Swashbuckle#describing-securityauthorization-方案)
它似乎创建了我期望的 swagger 文件:
安全定义":{apiKey":{类型":apiKey","description": "API 密钥认证","name": "X-ApiKey",在":标题"}}但是当我进入 UI 并尝试一下"时,它会尝试将 API 密钥放入查询字符串(我认为这是默认行为)而不是标题中.
例如:
curl -X POST --header 'Accept: application/json' 'http://localhost:63563/api/MyMethod?api_key=key'
我怎样才能大摇大摆地使用将 API 密钥放在标头而不是查询字符串中?
2021-09-15 更新:
正如 Justin Greywolf 的评论中已经指出的那样.
在"和类型"属性已从字符串更改为 ParameterLocation 和 SecuritySchemeType 枚举:
services.AddSwaggerGen(c =>{c.SwaggerDoc("v1", new Info { Title = "[anything]", Version = "v1" });c.AddSecurityDefinition("[auth scheme: 与 asp.net 定义的名称相同]", new ApiKeyScheme() {在 = ParameterLocation.Header,Name = "X-API-KEY",//带有 api 密钥的标头类型 = SecuritySchemeType.ApiKey,});});2019-04-10 更新:
范式已经转变以适应生成的 swagger.json 中的安全定义
来源 https://github.com/domaindrivendev/Swashbuckle.AspNetCore#add-security-definitions-and-requirements
services.AddSwaggerGen(c =>{c.SwaggerDoc("v1", new Info { Title = "[anything]", Version = "v1" });c.AddSecurityDefinition("[auth scheme: 与 asp.net 定义的名称相同]", new ApiKeyScheme() {in = "header",//在哪里可以找到 apiKey,可能在 header 中Name = "X-API-KEY",//带有 api 密钥的标头Type = "apiKey",//这个值总是 "apiKey";});});
原答案
检查一下:
配置.EnableSwagger(c =>{c.ApiKey("apiKey").Description(API 密钥认证").Name("X-ApiKey").In(标题");c.SingleApiVersion(v1", 我的 API");}).EnableSwaggerUi(c => {c.EnableApiKeySupport("X-ApiKey", "header");})I want to do API key based authentication on a WebAPI project with Swashbuckle (swagger for .net).
I have configured swashbuckle as below:
config
.EnableSwagger(c =>
{
c.ApiKey("apiKey")
.Description("API Key Authentication")
.Name("X-ApiKey")
.In("header");
c.SingleApiVersion("v1", "My API");
})
.EnableSwaggerUi();
(see https://github.com/domaindrivendev/Swashbuckle#describing-securityauthorization-schemes)
It appears to create the swagger file I expect:
"securityDefinitions": {
"apiKey": {
"type": "apiKey",
"description": "API Key Authentication",
"name": "X-ApiKey",
"in": "header"
}
}
But when I go to the UI and 'Try it out' it tries to put the API key into the query string (which I think is the default behavior) instead of the headers.
eg:
curl -X POST --header 'Accept: application/json' 'http://localhost:63563/api/MyMethod?api_key=key'
How can I get swagger to use put the API key in the header instead of the query string?
Update 2021-09-15:
As already noted in Justin Greywolf's comment.
The "In" and "Type" properties have been changed from a string to the ParameterLocation and SecuritySchemeType enums:
services.AddSwaggerGen(c =>{
c.SwaggerDoc("v1", new Info { Title = "[anything]", Version = "v1" });
c.AddSecurityDefinition("[auth scheme: same name as defined for asp.net]", new ApiKeyScheme() {
In = ParameterLocation.Header,
Name = "X-API-KEY", //header with api key
Type = SecuritySchemeType.ApiKey,
});
});
Update 2019-04-10:
The paradigm has shifted to accommodate security definitions in the generated swagger.json
Source https://github.com/domaindrivendev/Swashbuckle.AspNetCore#add-security-definitions-and-requirements
services.AddSwaggerGen(c =>{
c.SwaggerDoc("v1", new Info { Title = "[anything]", Version = "v1" });
c.AddSecurityDefinition("[auth scheme: same name as defined for asp.net]", new ApiKeyScheme() {
In = "header", // where to find apiKey, probably in a header
Name = "X-API-KEY", //header with api key
Type = "apiKey", // this value is always "apiKey"
});
});
Original Answer
Check it out:
config
.EnableSwagger(c =>
{
c.ApiKey("apiKey")
.Description("API Key Authentication")
.Name("X-ApiKey")
.In("header");
c.SingleApiVersion("v1", "My API");
})
.EnableSwaggerUi(c => {
c.EnableApiKeySupport("X-ApiKey", "header");
})
这篇关于带有花饰的标头中的 API 密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!