为 ASP.NET Core (6.0)服务应用添加ApiKey验证支持

这个代码段演示了如何为一个ASP.NET Core项目中添加Apikey验证支持。

首先,通过下面的代码创建项目

dotnet new webapi -minimal -o yourwebapi

然后修改已经生成的 builder.Services.AddSwaggerGen 这个方法,以便在Swagger 的页面可以输入ApiKey进行调试。

builder.Services.AddSwaggerGen((options) => {     options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme     {         Type = SecuritySchemeType.ApiKey,         In = ParameterLocation.Header,         Name = "ApiKey"     });      options.AddSecurityRequirement(new OpenApiSecurityRequirement     {         {             new OpenApiSecurityScheme             {                 Reference = new OpenApiReference                 {                     Type = ReferenceType.SecurityScheme,                     Id = "ApiKey"                 }             },             new string[] {}         }     }); }); 

var app = builder.Build(); 这一行下方添加一个中间件,用来验证ApiKey。请注意,这里特意跳过了swagger目录。另外,这里的密钥校验是硬编码的,你可以修改成自己需要的方式。

app.Use(async (context, next) => {     var found = context.Request.Headers.TryGetValue("ApiKey", out var key);      if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))     {         await next(context);     }     else     {         context.Response.StatusCode = 401;         await context.Response.WriteAsync("没有合法授权");         return;     } }); 

通过 dotnet watch run 将应用运行起来,并且访问 /swagger/index.html 这个网页,可以看到当前API项目的所有方法,并且可以输入ApiKey

然后你就可以在swagger 中进行API 调用测试了,当然你也可以通过 postman 等工具来测试。这里就不展开了。

完整代码如下,请参考

using Microsoft.OpenApi.Models;  var builder = WebApplication.CreateBuilder(args);  
// Add services to the container. 
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen((options) => {
     options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme     {
         Type = SecuritySchemeType.ApiKey,
         In = ParameterLocation.Header,
         Name = "ApiKey"     });
      options.AddSecurityRequirement(new OpenApiSecurityRequirement
     {         {
             new OpenApiSecurityScheme
             {
                 Reference = new OpenApiReference
                 {
                     Type = ReferenceType.SecurityScheme,                     Id = "ApiKey" 
                }             },
             new string[] {}         }     }); });
    var app = builder.Build();  app.Use(async (context, next) => {
     var found = context.Request.Headers.TryGetValue("ApiKey", out var key);
      if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))     {
         await next(context);
     }
     else
     {         context.Response.StatusCode = 401;
         await context.Response.WriteAsync("没有合法授权");
         return;
     } });
     // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) {     app.UseSwagger();
     app.UseSwaggerUI(); }  app.UseHttpsRedirection();  var summaries = new[] {
     "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" };
  app.MapGet("/weatherforecast", () => {     var forecast = Enumerable.Range(1, 5).Select(index =>         new WeatherForecast
         ( 
            DateTime.Now.AddDays(index),
             Random.Shared.Next(-20, 55),
             summaries[Random.Shared.Next(summaries.Length)]         ))
         .ToArray();     return forecast; }) .WithName("GetWeatherForecast");  app.Run();  record WeatherForecast(DateTime Date, int TemperatureC, string? Summary) {
     public int TemperatureF => 32 + (int)(TemperatureC / 0.5556); } 

标签:

商匡云商
Logo
注册新帐户
对比商品
  • 合计 (0)
对比
0
购物车