平常做項目使用mvc+webapi，采取前后端分離的方式，后臺提供API接口給前端開發人員。這個過程中遇到一個問題后臺開發人員怎么提供接口說明文檔給前端開發人員。為了解決這個問題，項目中引用swagger(我比較喜歡戲稱為“絲襪哥”)。

列出所有API控制器和控制器描述

那么既然是api，肯定涉及到安全驗證問題，那么怎么在測試文檔增加添加Token安全驗證呢；

下面我們來看看

1、定義swagger請求頭

using Microsoft.AspNetCore.Authorization;using Swashbuckle.AspNetCore.Swagger;using Swashbuckle.AspNetCore.SwaggerGen;using System.Collections.Generic;using System.Linq;using System.Reflection;namespace CompanyName.ProjectName.HttpApi.Host.Code{ /// /// swagger請求頭 /// public class HttpHeaderOperationFilter : IOperationFilter { /// /// /// /// /// public void Apply(Operation operation, OperationFilterContext context) { #region 新方法 if (operation.Parameters == null) { operation.Parameters = new List(); } if (context.ApiDescription.TryGetMethodInfo(out MethodInfo methodInfo)) { if (methodInfo.CustomAttributes.All(t => t.AttributeType != typeof(AllowAnonymousAttribute)) && !(methodInfo.ReflectedType.CustomAttributes.Any(t => t.AttributeType == typeof(AuthorizeAttribute)))) { operation.Parameters.Add(new NonBodyParameter { Name = "Authorization", In = "header", Type = "string", Required = true, Description = "請輸入Token，格式為bearer XXX" }); } } #endregion 新方法 } }}

2、在ConfigureServices方法添加OperationFilter

/// /// /// /// // This method gets called by the runtime. Use this method to add services to the container. public IServiceProvider ConfigureServices(IServiceCollection services) { services.Replace(ServiceDescriptor.Transient()); services.AddMvc().AddJsonOptions(options => { options.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore; options.SerializerSettings.Converters.Add( new Newtonsoft.Json.Converters.IsoDateTimeConverter() { DateTimeFormat = "yyyy-MM-dd HH:mm:ss" } ); //小寫 options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); options.SerializerSettings.ContractResolver = new DefaultContractResolver(); // // options.SerializerSettings.DateFormatString = "yyyy-MM-dd"; }); // services.AddMvc().AddXmlSerializerFormatters(); // services.AddMvc().AddXmlDataContractSerializerFormatters(); services.AddLogging(); services.AddCors(options => options.AddPolicy("AllowSameDomain", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader() )); services.Configure(options => { options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSameDomain")); }); #region Swagger services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Version = "v1", Title = "接口文檔", Description = "接口文檔-基礎", TermsOfService = "https://example.com/terms", Contact = new Contact { Name = "XXX1111", Email = "XXX1111@qq.com", Url = "https://example.com/terms" } , License = new License { Name = "Use under LICX", Url = "https://example.com/license", } }); c.SwaggerDoc("v2", new Info { Version = "v2", Title = "接口文檔", Description = "接口文檔-基礎", TermsOfService = "https://example.com/terms", Contact = new Contact { Name = "XXX2222", Email = "XXX2222@qq.com", Url = "https://example.com/terms" } , License = new License { Name = "Use under LICX", Url = "https://example.com/license", } }); c.OperationFilter(); c.DocumentFilter(); var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); c.IncludeXmlComments(xmlPath); c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, $"CompanyName.ProjectName.ICommonServer.xml")); }); #endregion Swagger #region MiniProfiler if (bool.Parse(Configuration["IsUseMiniProfiler"])) { //https://www.cnblogs.com/lwqlun/p/10222505.html services.AddMiniProfiler(options => options.RouteBasePath = "/profiler" ).AddEntityFramework(); } #endregion MiniProfiler services.AddDbContext(options => options.UseMySql(Configuration["Data:MyCat:ConnectionString"])); var container = AutofacExt.InitAutofac(services, Assembly.GetExecutingAssembly()); return new AutofacServiceProvider(container); }

3、定義一個ActionFilterAttribute

using CompanyName.ProjectName.Core;using Microsoft.AspNetCore.Mvc;using Microsoft.AspNetCore.Mvc.Filters;using Newtonsoft.Json;using System.Security.Principal;namespace CompanyName.ProjectName.HttpApi.Host{ /// /// 權限 /// public class BasicAuth : ActionFilterAttribute { /// /// /// /// public override void OnActionExecuting(ActionExecutingContext context) { if (context.HttpContext.Request != null && context.HttpContext.Request.Headers != null && context.HttpContext.Request.Headers["Authorization"].Count > 0) { var token = context.HttpContext.Request.Headers["Authorization"]; if (string.IsNullOrWhiteSpace(token)) { ResultDto meta = ResultDto.Err("Unauthorized"); JsonResult json = new JsonResult(new { Meta = meta } ); JsonSerializerSettings jsetting = new JsonSerializerSettings(); jsetting.NullValueHandling = NullValueHandling.Ignore; jsetting.Converters.Add( new Newtonsoft.Json.Converters.IsoDateTimeConverter() { DateTimeFormat = "yyyy-MM-dd HH:mm:ss" } ); json.SerializerSettings = jsetting; json.ContentType = "application/json; charset=utf-8"; context.Result = json; } else { GenericIdentity ci = new GenericIdentity(token); ci.Label = "conan1111111"; context.HttpContext.User = new GenericPrincipal(ci, null); } } else { ResultDto meta = ResultDto.Err("Unauthorized"); JsonResult json = new JsonResult(new { Meta = meta } ); JsonSerializerSettings jsetting = new JsonSerializerSettings(); jsetting.NullValueHandling = NullValueHandling.Ignore; jsetting.Converters.Add( new Newtonsoft.Json.Converters.IsoDateTimeConverter() { DateTimeFormat = "yyyy-MM-dd HH:mm:ss" } ); json.SerializerSettings = jsetting; json.ContentType = "application/json; charset=utf-8"; context.Result = json; } base.OnActionExecuting(context); } }}

4、最后在需要的地方使用 ?[BasicAuth]

/// /// 添加 /// /// /// 主鍵id [BasicAuth] [ModelValidationAttribute] [ApiExplorerSettings(GroupName = "v1")] [HttpPost, Route("Create")] public async Task> CreateAsync([FromBody]CreateWebConfigDto model) { return await _webConfigApp.CreateAsync(model, new Core.CurrentUser()); }

我們就可以看到Authorization - 請輸入Token，格式為bearer XXX

源碼地址：

https://github.com/conanl5566/Sampleproject/tree/master/src/03%20Host/CompanyName.ProjectName.HttpApi.Host

總結

以上是生活随笔為你收集整理的token验证_Swagger中添加Token验证的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。