我有一个ASP.NET Core Api,在其中需要对一个操作使用多种身份验证方案。我正在尝试通过在Swagger UI中显示所有必需的身份验证方案来记录这些操作。因此,我使用Swashbuckle.AspNetCore(5.1.0)库将OpenApiSecurityRequirement
动态添加到OpenApiOperation
中的IOperationFilter
:
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(InternalControllerBasicAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "credentials"
}
},
new [] { "Basic <credentials-value>" }
}
});
}
if (authorizeAttributes.Any(x => x.AuthenticationSchemes.Contains(OneTimePasswordAuthentication.AuthenticationScheme)))
{
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "one-time-password"
}
},
new [] { "Basic <one-time-password-value>" }
}
});
}
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
此外,我使用SwaggerGenOptions
注册所有可能的方案:
var oneTimePasswordScheme = new OpenApiSecurityScheme
{
Name = "one-time-password",
In = ParameterLocation.Header,
Scheme = "one-time-password",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("one-time-password", oneTimePasswordScheme);
var credentialsScheme = new OpenApiSecurityScheme
{
Name = "credentials",
In = ParameterLocation.Header,
Scheme = "credentials",
Type = SecuritySchemeType.ApiKey
};
options.AddSecurityDefinition("credentials", credentialsScheme);
除了使用用户界面中的OR
连接器的Swagger之外,其他所有功能都正常:
是否有使用AND
连接器配置Swagger的方法?
任何帮助将不胜感激!
代替为每个OpenApiSecurityRequirement
添加OpenApiSecurityScheme
,必须将所有OpenApiSecurityScheme
对象放入单个OpenApiSecurityRequirement
。
将安全性要求与OR连接:
var requirements = new List<OpenApiSecurityRequirement>();
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
}
});
requirements.Add(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
}
});
operation.Security = new List<OpenApiSecurityRequirement>(requirements);
将安全性要求与AND:
关联var requirement = new OpenApiSecurityRequirement();
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-1"
}
},
new [] { "scheme-1-value" }
);
requirement.Add(new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Type = ReferenceType.SecurityScheme,
Id = "scheme-2"
}
},
new [] { "scheme-2-value" }
);
operation.Security = new List<OpenApiSecurityRequirement> { requirement };