Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to document API Key authentication using Swashbuckle.AspNetCore v5.0.0-rc2

Tags:

asp.net-core

swagger

swashbuckle

I am migrating a Web API that has Swagger documenation generated using Swashbuckle from .NET Framework to ASP.NET Core. In the new AspNetCore version I'm using Swashbuckle.AspNetCore v5.0.0-rc2.

This is an internal service and authentication uses an API key provided in a custom HTTP header. In the .NET Framework application, I configured Swashbuckle to enable my API key as follows:

c.ApiKey("apiKey")
   .Description("My description")
   .Name("MyHttpHeaderName")
   .In("header);

and

c.EnableApiKeySupport("MyHtpHeaderName", "header);

How can I enable support for the same API key using Swashbuckle.AspNetCore v5.0.0-rc2?

Much of the information I've found by searching seems to relate to versions of Swashbuckle.AspNetCode prior to v5.0.0-rc2.

This answer is for v5.0.0-rc2 but only covers Bearer Authorization, and doesn't seem to relate to using a custom HTTP header: https://stackoverflow.com/a/57872872/13087

like image 536
Joe Avatar asked Nov 28 '22 13:11

Joe

1 Answers

In Swashbuckle.AspNetCore, the authorization setup is all handled with the AddSecurityDefinition method.

In 4.x, you could set up an ApiKeyScheme that describes how to use an API key to authorize requests:

c.AddSecurityDefinition("ApiKey", new ApiKeyScheme()
{
    Description = "My description",
    Name = "MyHttpHeaderName",
    In = "header",
});

Starting with 5.x, Swashbuckle.AspNetCore is no longer using its own models but instead relies on OpenAPI.NET. This means that the above security definition would look like this in 5.x:

c.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme()
{
    Type = SecuritySchemeType.ApiKey,
    In = ParameterLocation.Header,
    Name = "MyHttpHeaderName",
    Description = "My description",
});

Note that you will also have to set up security requirements to configure which security definition is required for what operations. In 5.x, the syntax for that will look like this:

c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "ApiKey" }
        },
        new string[] { }
    }
});

You can read more about all this in the documentation on security definitions and requirements.

like image 58
poke Avatar answered Dec 06 '22 13:12

poke
Sign in to Comment

Related questions

.NET Core 2.2 - "HTTP Error 500.30 - ANCM In-Process Start Failure"
Request.Url.PathAndQuery in Asp.Net Core
Font awesome icons not showing up in ASP.NET CORE MVC Project
Why ASP.NET Core MVC 3.1 project wont let me sign in with a register user using Identity
Alternatives to JsonOutputFormatter in ASP.NET Core 3.1 at Controller Level
Using Identity with AddDbContextFactory in Blazor
How to inject a scoped service into DbContext? Net Core
.NET CORE 2.0 Unable to resolve service for type while attempting to activate
Blazor conditional if statement for onclick
How to write unit test for ActionFilter when using Service Locator
How get current login user in ViewComponent Asp.Net Core
Detect mobile device in ASP.NET Core
The Language does not change in the ASP.NET Core Web application
.net core Identity, getting meaningful login failed reason
Server-side filtering with Angular 6 ag-grid and ASP.NET and EF Core 2.1
"the term 'add-migration' is not recognized as the name of a cmdlet" visual studio 2019
Visual studio 2019 “Unable to connect to web server 'IIS Express'”
Upgrade from Angular 4 to 5: "NodeInvocationException: No provider for PlatformRef!"
.Net Core Reverse-Engineering with database DNS connection
NullInjectorError: No provider for HttpClient! Angular 5

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!