问题描述
我有这样的自定义授权方案:
services.AddAuthentication("ClientApp")
.AddScheme<ClientAppAuthenticationOptions,ClientAppAuthenticationHandler>("ClientApp",null);
然后我具有以下NSwag OpenAPI文档配置:
services.AddOpenApiDocument((settings,provider) =>
{
settings.DocumentName = "openapi";
settings.AddSecurity("ClientApp",Enumerable.Empty<string>(),new OpenApiSecurityScheme
{
Type = OpenApiSecuritySchemeType.ApiKey,Description = "Authentications used for client apps,such as Mmcc.Stats.TpsMonitor",Name = "X-Auth-Token",In = OpenApiSecurityApiKeyLocation.Header
});
settings.OperationProcessors.Add(
new AspNetCoreOperationSecurityScopeProcessor("ClientApp")
);
// ...
}
我已经用[AllowAnonymous]
和[Authorize(AuthenticationSchemes = "ClientApp")]
装饰了控制器中的动作,但是NSwag将我的所有端点标记为需要ReDoc UI中的ClientApp
授权,而不考虑装饰器。为什么?
解决方法
我通过将代码更改为此来解决它:
settings.DocumentProcessors.Add(
new SecurityDefinitionAppender("ClientApp",new OpenApiSecurityScheme
{
Type = OpenApiSecuritySchemeType.ApiKey,Description = "Authentications used for client apps,such as Mmcc.Stats.TpsMonitor",Name = "X-Auth-Token",In = OpenApiSecurityApiKeyLocation.Header
}));
settings.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("ClientApp"));