我正在dotnet 6中创建一个最小的API。我有Swagger/Swashbuckle的默认实现,一切都很好,直到我添加了一个简单的自定义身份验证中间件(见下面的代码)。
问题是,中间件运行在/swagger/index.html上,它不包含头中的API Key,并返回一个400错误(根据下面的第一个if语句)。我该如何解决这个问题?
Program.cs
app.UseMiddleware<Auth>();
Auth.cs
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
if (!context.Request.Headers.ContainsKey("ApiKey"))
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("No ApiKey provided in headers");
}
if (!Guid.TryParse(context.Request.Headers["ApiKey"], out var apiKey))
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("Unable to parse the ApiKey");
}
try
{
/* Look in DB for API Key yada yada yada */
}
catch
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
await context.Response.WriteAsync("Unauthorized");
}
await next(context);
}
你可以排除你不想检查授权中间件的路径。
像这样。
public async Task InvokeAsync(HttpContext context)
{
if(!context.Request.Path.StartsWithSegments("/swagger"))
{
//put your code here for checking API key in header.
}
}
你也需要返回一旦你设置了响应,否则你会得到另一个异常。
下面是工作代码:
public async Task InvokeAsync(HttpContext context)
{
if(!context.Request.Path.StartsWithSegments("/swagger"))
{
if (!context.Request.Headers.ContainsKey("ApiKey"))
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("No ApiKey provided in headers");
return;
}
if (!Guid.TryParse(context.Request.Headers["ApiKey"], out var apiKey))
{
context.Response.StatusCode = StatusCodes.Status400BadRequest;
await context.Response.WriteAsync("Unable to parse the ApiKey");
return;
}
try
{
/* Look in DB for API Key yada yada yada */
}
catch
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
await context.Response.WriteAsync("Unauthorized");
return;
}
}
await this._next(context);
}
}