Menu
I am using Swashbuckle.AspNetCore 5.0.0 to generate Swagger documentation for my .Net Core WebApi project, and for the most part, everything is going fine.
I have set up some simple authentication using ApiKey, and that is working good.
Where I am having problems now is getting Swagger to add an ApiKey into the header of my requests. I followed the instructions for added the ApiKey security Definition/requirement, as mentioned in these various posts:
API key in header with swashbuckle
Empty authorization header on requests for Swashbuckle.AspNetCore
How to force Swagger/Swashbuckle to append an API key?
However, the ApiKey value is never added to the Header.
This is what I have in my startup:
c.AddSecurityDefinition("ApiKey",
new OpenApiSecurityScheme
{
Description = "ApiKey must appear in header",
Type = SecuritySchemeType.ApiKey,
Name = Constants.ApiKeyHeaderName,
In = ParameterLocation.Header
});
and
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Name = Constants.ApiKeyHeaderName,
Type = SecuritySchemeType.ApiKey,
In = ParameterLocation.Header
},
new List<string>()}
});
379
const ui = SwaggerUIBundle({ ..., requestInterceptor: function (req) { req. headers = { 'Authorization': 'Bearer ' + document. getElementById('bearer-code- input'). value , 'Accept': 'application/json', 'Content-Type': 'application/json' }; return req; }, ... })
Apply the Authorize attribute in ASP.NET Core 6 Next, apply the Authorize attribute on the HttpGet action method of the WeatherController as shown in the code snippet given below. With the Authorization attribute applied, an authentication token will now be required to execute this endpoint in Swagger.
I was struggling myslef with this one but figured out that besides adding proper Reference, you have to also specify Scheme in definition, this is the code that is working for me correctly:
c.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme()
{
Name = "x-api-key",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Description = "Authorization by x-api-key inside request's header",
Scheme = "ApiKeyScheme"
});
var key = new OpenApiSecurityScheme()
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "ApiKey"
},
In = ParameterLocation.Header
};
var requirement = new OpenApiSecurityRequirement
{
{ key, new List<string>() }
};
c.AddSecurityRequirement(requirement);
OK, I was finally able to get this to work. I needed to add an instance of OpenApiReference to the OpenApiSecurityScheme object provided to c.AddSecurityRequirement()
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "ApiKeyAuth" }
I have to say that the documentation on this is a bit confusing. Probably not in small part due to the fact that anything posted on the internet is there forever, and so many posts that I found on this whole thing were no longer applicable due to changes in the framework :)
Now I just need to figure out how to send another header value along with the api-key, and I'll be done with this part
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With