龙空技术网

为 ASP.NET Core (6.0)服务应用添加ApiKey验证支持

海椰人 133

前言:

如今看官们对“aspnet插入字符”大致比较重视,看官们都需要了解一些“aspnet插入字符”的相关资讯。那么小编同时在网络上网罗了一些关于“aspnet插入字符””的相关知识,希望兄弟们能喜欢,大家快快来了解一下吧!

这个代码段演示了如何为一个ASP.NET Core项目中添加Apikey验证支持。

首先,通过下面的代码创建项目

dotnet new webapi -minimal -o yourwebapi

然后修改已经生成的 builder.Services.AddSwaggerGen 这个方法,以便在Swagger 的页面可以输入ApiKey进行调试。

builder.Services.AddSwaggerGen((options) =>{    options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme    {        Type = SecuritySchemeType.ApiKey,        In = ParameterLocation.Header,        Name = "ApiKey"    });    options.AddSecurityRequirement(new OpenApiSecurityRequirement    {        {            new OpenApiSecurityScheme            {                Reference = new OpenApiReference                {                    Type = ReferenceType.SecurityScheme,                    Id = "ApiKey"                }            },            new string[] {}        }    });});

var app = builder.Build(); 这一行下方添加一个中间件,用来验证ApiKey。请注意,这里特意跳过了swagger目录。另外,这里的密钥校验是硬编码的,你可以修改成自己需要的方式。

app.Use(async (context, next) =>{    var found = context.Request.Headers.TryGetValue("ApiKey", out var key);    if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))    {        await next(context);    }    else    {        context.Response.StatusCode = 401;        await context.Response.WriteAsync("没有合法授权");        return;    }});

通过 dotnet watch run 将应用运行起来,并且访问 /swagger/index.html 这个网页,可以看到当前API项目的所有方法,并且可以输入ApiKey

然后你就可以在swagger 中进行API 调用测试了,当然你也可以通过 postman 等工具来测试。这里就不展开了。

完整代码如下,请参考

using Microsoft.OpenApi.Models;var builder = WebApplication.CreateBuilder(args);// Add services to the container.// Learn more about configuring Swagger/OpenAPI at ;builder.Services.AddSwaggerGen((options) =>{    options.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme    {        Type = SecuritySchemeType.ApiKey,        In = ParameterLocation.Header,        Name = "ApiKey"    });    options.AddSecurityRequirement(new OpenApiSecurityRequirement    {        {            new OpenApiSecurityScheme            {                Reference = new OpenApiReference                {                    Type = ReferenceType.SecurityScheme,                    Id = "ApiKey"                }            },            new string[] {}        }    });});var app = builder.Build();app.Use(async (context, next) =>{    var found = context.Request.Headers.TryGetValue("ApiKey", out var key);    if (context.Request.Path.StartsWithSegments("/swagger") || (found && key == "abc"))    {        await next(context);    }    else    {        context.Response.StatusCode = 401;        await context.Response.WriteAsync("没有合法授权");        return;    }});// Configure the HTTP request pipeline.if (app.Environment.IsDevelopment()){    app.UseSwagger();    app.UseSwaggerUI();}app.UseHttpsRedirection();var summaries = new[]{    "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"};app.MapGet("/weatherforecast", () =>{    var forecast = Enumerable.Range(1, 5).Select(index =>        new WeatherForecast        (            DateTime.Now.AddDays(index),            Random.Shared.Next(-20, 55),            summaries[Random.Shared.Next(summaries.Length)]        ))        .ToArray();    return forecast;}).WithName("GetWeatherForecast");app.Run();record WeatherForecast(DateTime Date, int TemperatureC, string? Summary){    public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);}

文章来自

标签: #aspnet插入字符