swagger - 过渡到 Swashbuckle 5.0

Question

我通过 Swashbuckle V4 使用 Swagger，并使用 API key 对端点进行身份验证。

使用 Swashbuckle V4 时，以下配置完美运行(请注意，仅显示 Swagger 代码):

public void ConfigureServices(IServiceCollection services) {

 services.AddSwaggerGen(c => {
  c.SwaggerDoc(
   "v1",
   new Info {
    Title = "OAPI", Version = "v1"
   });
  c.AddSecurityDefinition("api_key", new ApiKeyScheme {
    In = "query",
    Description = "Please Enter Authentication Token",
    Name = "key",
    Type = "apiKey"
  });
  c.AddSecurityRequirement(new Dictionary < string, IEnumerable < string >> {
   {
    "api_key",
    new [] {
     "readAccess",
     "writeAccess"
    }
   }
  });
 });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env) {

 app.UseSwagger();

 app.UseSwaggerUI(c => {
  c.SwaggerEndpoint("/api/swagger/v1/swagger.json", "API V1");
  c.RoutePrefix = "api/swagger";
 });
}

虚张声势GitHub page ，包含“过渡到 Swashbuckle 5.0”主题，但不涵盖 API key 的使用。

我无法找到有关如何过渡到 V5 的完整示例，因此我分析了方法签名以生成相同的配置。

以下代码假装复制上述 V4 配置:

public void ConfigureServices(IServiceCollection services) {

 var securityScheme = new OpenApiSecurityScheme {
   In = ParameterLocation.Query,
   Description = "Please Enter Authentication Token",
   Name = "key",
   Type = SecuritySchemeType.ApiKey
 };

 services.AddSwaggerGen(c => {
  c.SwaggerDoc("V1", new OpenApiInfo {
    Version = "V1",
    Title = "API",
    Description = "API"
  });

  c.AddSecurityDefinition("api_key", securityScheme);

  c.AddSecurityRequirement(new OpenApiSecurityRequirement {
   {
    securityScheme,
    new [] {
     "readAccess",
     "writeAccess"
    }
   }
  });

  c.EnableAnnotations();
 });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env) {

 app.UseSwagger();

 app.UseSwaggerUI(c => {
  c.SwaggerEndpoint("/api/swagger/v1/swagger.json", "API V1");
  c.RoutePrefix = "api/swagger";
 });
}

运行 API 时，会显示 Swagger 身份验证窗口，我可以使用 API key 进行身份验证。

不幸的是，当执行任何端点时，我收到以下错误:

 System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

        at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync
        at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResultFilterAsync[TFilter,TFilterAsync]
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.ResultNext[TFilter,TFilterAsync]
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync
        at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync
        at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke
        at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke
        at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke
        at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke
        at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke
        at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore

我认为我遗漏了一些东西，我尝试研究 Microsoft.OpenApi.Models 类，但到目前为止我还没有运气。这可能是一个小细节，但到目前为止还无法理解......

Answer 1

使用 AddSecurityRequirement 时，您需要引用该方案，因为您是在全局应用它。此外，当使用“oauth2”以外的任何其他类型时，范围数组必须为空。

下面的示例应该可以工作。

c.AddSecurityRequirement(new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme
                        {
                            Reference = new OpenApiReference
                            {
                                Id = "api_key",
                                Type = ReferenceType.SecurityScheme
                            }
                        },
                        new List<string>() }
                });