1. 技术文章
  2. Empty authorization header on requests for Swashbuckle.AspNetCore

Empty authorization header on requests for Swashbuckle.AspNetCore

一笑奈何 提交于 2019-12-31 06:29:33

问题


Currently having an issue with authorization headers in swashbuckle for .net core The first line of code on every endpoint is:

string auth = Request.Headers["Authorization"];

When using postman, everything works smoothly, but when making a request from localhost/swagger, the header is empty
when a breakpoint is inserted, the header is a null value.
the body of the request is in tact and everything works properly when the authorization is removed from the endpoint

In my services.AddSwaggerGen I add the security definition:

   services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info
            {
                Version = "v1",
                Title = "Employee Navigator",
                Description = "Authorization Key: Z29vZEtleQ==",
            });
            c.AddSecurityDefinition("Bearer", new ApiKeyScheme
            {
                Name = "Authorization",
                In = "header",
                Type = "apiKey",
                Description = "Authorization Key: Z29vZEtleQ=="
            });
            c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
            {
                { "Authorization", new[] { "readAccess", "writeAccess" } }
            });

        });

I have updated each of the following to be sure I wasn't missing anything: my csproj file contains:

  <ItemGroup>
<Folder Include="wwwroot\" />
<PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="2.0.1" />
<PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerGen" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore.SwaggerUi" Version="2.4.0" />
<PackageReference Include="Swashbuckle.AspNetCore" Version="1.1.0" />


回答1:


The problem here is that the name in your security definition ("Bearer") does not match the name added to your security requirement ("Authorization"). For background context, there used to be a bug in SwashBuckle that meant that it enforced authorization without the SecurityRequirement defined so many found that it suddenly stopped working for them. The Requirement definition is a bit clunky and leads to issues like these.

If you change the SecurityRequirement to match the code below it should work:

 services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new Info
        {
            Version = "v1",
            Title = "Employee Navigator",
            Description = "Authorization Key: Z29vZEtleQ==",
        });
        c.AddSecurityDefinition("Bearer", new ApiKeyScheme
        {
            Name = "Authorization",
            In = "header",
            Type = "apiKey",
            Description = "Authorization Key: Z29vZEtleQ=="
        });
        c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
        {
            { "Bearer", new[] { "readAccess", "writeAccess" } }
        });

    });



回答2:


Found the answer in case anyone has this issue:

My solution can be found here: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/696

more info on the topic can be found here: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/603



来源:https://stackoverflow.com/questions/49908577/empty-authorization-header-on-requests-for-swashbuckle-aspnetcore

标签
asp.net-core
http-headers
asp.net-core-2.0
asp.net-core-webapi
swashbuckle
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!