
Hello fellow developers,

I have implemented a server with multiple endpoints and integrated the Swashbuckle Swagger UI middleware. This middleware is accessible to everyone without having to log in to the server. I am using Bearer tokens to authenticate my requests.

Is there any possibility to prevent accessing the Swagger UI without having logged in to my server?

Here is how I registered swagger in my Startup.cs:

```csharp
app.UseSwagger();

app.UseSwaggerUI(c =>
{
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
```

And to generate the swagger json file:

```csharp
// Register Swagger generator
services.AddSwaggerGen();
```

PS: I noticed that even if I am logged in and got a JWT, in the swagger request no Authentication Header is sent. If I could add/force this Header, I could check it in another middleware.

Thx in advance.

Fawkes94
  • Hi, this is the answer to your question: https://stackoverflow.com/a/58183862/3520507 – DarkSideMoon Mar 09 '21 at 12:25
  • But isn't this about using JWT authentication in the Swagger UI so I can test the requests? My question refers to not allowing anonymous access to the Swagger UI. It is about security, so no one who has no credentials should be able to even get to the Swagger UI. – Fawkes94 Mar 09 '21 at 12:28
  • Thanks for the explanation, because it is not clear from your question. I found this [github issue](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/429) with a project example in the last comment. – DarkSideMoon Mar 09 '21 at 13:00

0 Answers
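One way to block anonymous access to the Swagger UI and `swagger.json`, shown as an added example that is not code from the question or from Swashbuckle: a small gate placed after the authentication middleware and before the Swagger middleware in `Startup.cs`. It assumes JWT bearer is the default authentication scheme and that the `Microsoft.AspNetCore.Authentication.JwtBearer` package is referenced; the token validation settings are a placeholder.

```csharp
// Added example, not from the original post. Assumes the Swashbuckle.AspNetCore
// and Microsoft.AspNetCore.Authentication.JwtBearer packages are referenced.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddSwaggerGen();
        // Issuer, audience and signing key are deployment specific and are
        // deliberately left as a placeholder here.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options => { /* placeholder: validation parameters */ });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        // Must run before the gate so HttpContext.User is populated.
        app.UseAuthentication();
        app.UseAuthorization();
        // Gate everything under /swagger: the UI assets and swagger.json.
        app.UseWhen(
            ctx => ctx.Request.Path.StartsWithSegments("/swagger"),
            branch => branch.Use(async (ctx, next) =>
            {
                if (ctx.User.Identity?.IsAuthenticated != true)
                {
                    // Default scheme is JWT bearer, so this answers 401.
                    await ctx.ChallengeAsync();
                    return;
                }
                await next();
            }));

        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
        });
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

As the PS in the question observes, a plain browser request for the UI carries no bearer header, so a browser-facing deployment needs a scheme the browser sends on navigation (for example cookie authentication) for this gate to let signed-in users through.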