I have swagger working on multiple microservices. When deploying to Azure we need to remove all together the option of swagger due to security best practices. Working with .net core 2.1 Looking for example of definitions.
active=production with @Profile("! production") worked for me to turn off swagger in prod.
3-p2, 2.3. 7-p3), Swagger is disabled automatically in production mode. This means that you can still use it on development machines where it is most important, but not on the live server. It's not possible to easily use Swagger on test or staging systems either while they run in production mode (which they should).
How to do it? add this property in your Swagger UI Options defaultModelsExpandDepth: -1 for hide schema section and for more reference refer this swagger.io/docs/open-source-tools/swagger-ui/usage/… Can you please add your swagger ui configuration settings in your question.
First, what "security best practices"? There's nothing wrong with having your API documentation in production. That's actually kind of the whole point: clients should be able to look at the documentation so that they can properly use your API. If these microservices aren't exposed to be used by external clients, then it's even less of an issue, because no one outside can get to the service or the documentation, anyways. If the services are exposed, then they should also be requiring requests to be authorized, and the documentation itself can be locked down via the same mechanism.
Regardless, if you insist on removing this in production, your best bet is to never add it there in the first place. In other words, wrap all your Swagger setup in Startup.cs
with if (env.IsDevelopment())
or if you want it available in things like a staging environment: if (!env.IsProduction())
.
If you're coming at this from .net core 3.1:
Assuming that the Startup
class' constructor copies the injected IConfiguration
to a local field called configuration
, then you can setup the Configure method like so:
public void configure(IApplicationBuilder app, IWebHostEnvironment env)
{
var applicationName = configuration.GetValue<string>("ApplicationName") ?? "MyApi";
var basePath = configuration.GetValue<string>("BasePath");
if (!string.IsNullOrEmpty(basePath))
app.UsePathBase(basePath);
if (!env.IsProduction())
{
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint($"{basePath}/swagger/v1/swagger.json",
$"{applicationName} {ReflectionUtils.GetAssemblyVersion<Program>()}");
});
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With