快捷導(dǎo)航

C# swagger ui增加訪問限制方式

更新時(shí)間：2025年02月27日 10:43:17 作者：C_24910

本文介紹了如何在C#中使用Swagger UI并增加訪問限制,通過創(chuàng)建`SwaggerBasicAuthMiddleware`類和`MiddlewareExtension`類,并在`Startup.cs`的`Configure`方法中注入`app.UseSwaggerBasicAuth()`,從而實(shí)現(xiàn)對(duì)Swagger頁面的訪問控制

C# swagger ui增加訪問限制

swagger 頁面是個(gè)很好的接口文檔，可以直接給三方系統(tǒng)查看參考，如果所有人都能訪問有一些風(fēng)險(xiǎn)

只需要三部解決。不廢話，直接上代碼

1、增加SwaggerBasicAuthMiddleware.cs類

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using VOL.Core.Configuration;
using VOL.Core.DBManager;
using VOL.Core.Extensions;
using VOL.Entity.DomainModels;

public class SwaggerBasicAuthMiddleware
{
    private readonly RequestDelegate next;
    public SwaggerBasicAuthMiddleware(RequestDelegate next)
    {
        this.next = next;
    }
    /// <summary>
    /// 驗(yàn)證賬號(hào)密碼
    /// </summary>
    /// <param name="userName">賬號(hào)</param>
    /// <param name="passWorld">密碼</param>
    /// <returns></returns>
    public bool Login(string userName, string passWorld)
    {
        var EncryptPwd = passWorld.EncryptDES(AppSetting.Secret.User);//密碼加密
        return DBServerProvider.DbContext.Set<Sys_User>().Where(s => s.UserName == userName && s.UserPwd == EncryptPwd).Any();
    }
    public async Task InvokeAsync(HttpContext context)
    {
        if (context.Request.Path.StartsWithSegments("/swagger"))
        {
            string authHeader = context.Request.Headers["Authorization"];
            if (authHeader != null && authHeader.StartsWith("Basic"))
            {
                // Get the credentials from request header
                var header = AuthenticationHeaderValue.Parse(authHeader);
                var inBytes = Convert.FromBase64String(header.Parameter);
                var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
                var username = credentials[0];
                var password = credentials[1];
                // validate credentials
                if (Login(username, password))
                {
                    await next.Invoke(context).ConfigureAwait(false);
                    return;
                }
            }
            //告知服務(wù)器端需要進(jìn)行Basic認(rèn)證
            context.Response.Headers["WWW-Authenticate"] = "Basic";
            context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        }
        else
        {
            await next.Invoke(context).ConfigureAwait(false);
        }
    }

}

可以將login方法換成你需要的校驗(yàn)，我這里直接用系統(tǒng)的賬號(hào)密碼做的校驗(yàn)

2、增加MiddlerwareExtention.cs類

using Microsoft.AspNetCore.Builder;
/// <summary>
/// 中間件拓展類
/// </summary>
public static class MiddlerwareExtention
{
    public static IApplicationBuilder UseSwaggerBasicAuth(this IApplicationBuilder app)
    {
        return app.UseMiddleware<SwaggerBasicAuthMiddleware>();

    }
}