為 ASP.NET Core (6.0)服務應用新增ApiKey驗證支援
阿新 • • 發佈:2022-05-06
這個程式碼段演示瞭如何為一個ASP.NET Core專案中新增Apikey驗證支援。
首先,通過下面的程式碼建立專案
dotnet new webapi -minimal -o yourwebapi
然後修改已經生成的 builder.Services.AddSwaggerGen
這個方法,以便在Swagger 的頁面可以輸入ApiKey進行除錯。
builder.Services.AddSwaggerGen((options) => { options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme { Type = SecuritySchemeType.ApiKey, In = ParameterLocation.Header, Name = "ApiKey" }); options.AddSecurityRequirement(new OpenApiSecurityRequirement { { new OpenApiSecurityScheme { Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "ApiKey" } }, new string[] {} } }); });
在 var app = builder.Build();
這一行下方新增一箇中間件,用來驗證ApiKey。請注意,這裡特意跳過了swagger目錄。另外,這裡的金鑰校驗是硬編碼的,你可以修改成自己需要的方式。
app.Use(async (context, next) => { var found = context.Request.Headers.TryGetValue("ApiKey", out var key); if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc")) { await next(context); } else { context.Response.StatusCode = 401; await context.Response.WriteAsync("沒有合法授權"); return; } });
通過 dotnet watch run
將應用執行起來,並且訪問 /swagger/index.html
這個網頁,可以看到當前API專案的所有方法,並且可以輸入ApiKey
然後你就可以在swagger
中進行API 呼叫測試了,當然你也可以通過 postman
等工具來測試。這裡就不展開了。
完整程式碼如下,請參考
using Microsoft.OpenApi.Models; var builder = WebApplication.CreateBuilder(args); // Add services to the container. // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen((options) => { options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme { Type = SecuritySchemeType.ApiKey, In = ParameterLocation.Header, Name = "ApiKey" }); options.AddSecurityRequirement(new OpenApiSecurityRequirement { { new OpenApiSecurityScheme { Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "ApiKey" } }, new string[] {} } }); }); var app = builder.Build(); app.Use(async (context, next) => { var found = context.Request.Headers.TryGetValue("ApiKey", out var key); if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc")) { await next(context); } else { context.Response.StatusCode = 401; await context.Response.WriteAsync("沒有合法授權"); return; } }); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseHttpsRedirection(); var summaries = new[] { "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" }; app.MapGet("/weatherforecast", () => { var forecast = Enumerable.Range(1, 5).Select(index => new WeatherForecast ( DateTime.Now.AddDays(index), Random.Shared.Next(-20, 55), summaries[Random.Shared.Next(summaries.Length)] )) .ToArray(); return forecast; }) .WithName("GetWeatherForecast"); app.Run(); record WeatherForecast(DateTime Date, int TemperatureC, string? Summary) { public int TemperatureF => 32 + (int)(TemperatureC / 0.5556); }