为 ASP.NET Core （6.0）服务应用添加ApiKey验证支持

海椰人 09-06 107

前言：

如今看官们对“aspnet插入字符”大致比较重视，看官们都需要了解一些“aspnet插入字符”的相关资讯。那么小编同时在网络上网罗了一些关于“aspnet插入字符””的相关知识，希望兄弟们能喜欢，大家快快来了解一下吧！

这个代码段演示了如何为一个ASP.NET Core项目中添加Apikey验证支持。

首先，通过下面的代码创建项目

dotnet new webapi -minimal -o yourwebapi

然后修改已经生成的 builder.Services.AddSwaggerGen 这个方法，以便在Swagger 的页面可以输入ApiKey进行调试。

builder.Services.AddSwaggerGen((options) =>{    options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme    {        Type = SecuritySchemeType.ApiKey,        In = ParameterLocation.Header,        Name = "ApiKey"    });    options.AddSecurityRequirement(new OpenApiSecurityRequirement    {        {            new OpenApiSecurityScheme            {                Reference = new OpenApiReference                {                    Type = ReferenceType.SecurityScheme,                    Id = "ApiKey"                }            },            new string[] {}        }    });});

在 var app = builder.Build(); 这一行下方添加一个中间件，用来验证ApiKey。请注意，这里特意跳过了swagger目录。另外，这里的密钥校验是硬编码的，你可以修改成自己需要的方式。

app.Use(async (context, next) =>{    var found = context.Request.Headers.TryGetValue("ApiKey", out var key);    if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))    {        await next(context);    }    else    {        context.Response.StatusCode = 401;        await context.Response.WriteAsync("没有合法授权");        return;    }});

通过 dotnet watch run 将应用运行起来，并且访问 /swagger/index.html 这个网页，可以看到当前API项目的所有方法，并且可以输入ApiKey

然后你就可以在swagger 中进行API 调用测试了，当然你也可以通过 postman 等工具来测试。这里就不展开了。

完整代码如下，请参考

using Microsoft.OpenApi.Models;var builder = WebApplication.CreateBuilder(args);// Add services to the container.// Learn more about configuring Swagger/OpenAPI at ;builder.Services.AddSwaggerGen((options) =>{    options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme    {        Type = SecuritySchemeType.ApiKey,        In = ParameterLocation.Header,        Name = "ApiKey"    });    options.AddSecurityRequirement(new OpenApiSecurityRequirement    {        {            new OpenApiSecurityScheme            {                Reference = new OpenApiReference                {                    Type = ReferenceType.SecurityScheme,                    Id = "ApiKey"                }            },            new string[] {}        }    });});var app = builder.Build();app.Use(async (context, next) =>{    var found = context.Request.Headers.TryGetValue("ApiKey", out var key);    if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))    {        await next(context);    }    else    {        context.Response.StatusCode = 401;        await context.Response.WriteAsync("没有合法授权");        return;    }});// Configure the HTTP request pipeline.if (app.Environment.IsDevelopment()){    app.UseSwagger();    app.UseSwaggerUI();}app.UseHttpsRedirection();var summaries = new[]{    "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"};app.MapGet("/weatherforecast", () =>{    var forecast = Enumerable.Range(1, 5).Select(index =>        new WeatherForecast        (            DateTime.Now.AddDays(index),            Random.Shared.Next(-20, 55),            summaries[Random.Shared.Next(summaries.Length)]        ))        .ToArray();    return forecast;}).WithName("GetWeatherForecast");app.Run();record WeatherForecast(DateTime Date, int TemperatureC, string? Summary){    public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);}

文章来自

本文地址：http://www.longkongtuishu.com/caf88A2sGB1ICCQ.html

标签： #aspnet插入字符