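With ASP.NET Core 8.0, you can now secure the Swagger endpoints by calling MapSwagger().RequireAuthorization(). Note that the authorization requirement is attached to the endpoints that MapSwagger() maps (the generated Swagger document); the Swagger UI page itself is served by the UseSwaggerUI() middleware and is not covered by this call.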
Consider the following code example.
// Service registration: API explorer metadata and Swagger document generation.
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

// RequireAuthorization() further down relies on these registrations.
builder.Services.AddAuthorization();
// "Bearer" is the default scheme. AddJwtBearer() is called without options.
// NOTE(review): token validation settings presumably come from configuration — confirm.
builder.Services.AddAuthentication("Bearer").AddJwtBearer();

var app = builder.Build();

// NOTE(review): no UseAuthentication()/UseAuthorization() call is visible here;
// WebApplication is expected to add them when the services above are registered —
// confirm for the target framework version.
app.UseSwagger();
// NOTE(review): the requirement below is attached to the endpoints mapped by
// MapSwagger(); the UI page served by this middleware is not one of them —
// confirm whether it needs separate protection.
app.UseSwaggerUI();
app.MapSwagger().RequireAuthorization();

// /status carries no authorization metadata, so it stays anonymous.
app.MapGet("/status", () => "ONLINE")
    .WithName("GetStatus")
    .WithOpenApi();

app.Run();
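Here, the /status endpoint will not require any authorization, but the Swagger endpoints will. Securing the Swagger endpoints this way does not protect the API endpoints themselves; each endpoint that needs protection must still require authorization on its own.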
Swagger: 401
Hope this helps.
Happy Coding.
Regards,
Jaliya
I tried it and it doesn't work for me. Any thoughts on what I might be missing?
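/// <summary>
/// Registers the Swagger document and Swagger UI middleware, configures the UI's
/// OAuth client settings, and requires authorization on the endpoints mapped by
/// <c>MapSwagger()</c>.
/// </summary>
/// <param name="app">The application to configure.</param>
/// <param name="configuration">Configuration providing "client-id" and "auth-audience".</param>
public static void ConfigureSwaggerApp(this WebApplication app, IConfiguration configuration)
{
    app.UseSwagger();
    app.UseSwaggerUI(config =>
    {
        config.OAuthConfigObject = new OAuthConfigObject
        {
            ClientId = configuration["client-id"],
            // Type arguments restored: a bare "new Dictionary" does not compile.
            AdditionalQueryStringParams = new Dictionary<string, string>
            {
                { "resource", configuration["auth-audience"] },
                { "domain_hint", "test" }
            }
        };
        config.OAuthUsePkce();
        config.ConfigObject.TryItOutEnabled = true;
        config.ConfigObject.DocExpansion = DocExpansion.None;
    });

    // Endpoint mapping is done here rather than inside the UI options callback, so it
    // does not depend on when, or how often, that callback is invoked.
    // NOTE(review): this method registers no authentication/authorization services or
    // middleware. The requirement is only enforced if the host does so elsewhere
    // (AddAuthentication/AddAuthorization, and the authorization middleware running
    // for these requests) — confirm. It applies to the endpoints mapped by
    // MapSwagger(), not to the UI page served by UseSwaggerUI().
    app.MapSwagger().RequireAuthorization();
}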