0

I have added a header parameter to Swagger for the API Key and this is working as far as providing the ability to enter the API key. I am using the following

  • Swashbuckle.AspNetCore 6.1
  • Swashbuckle.AspNetCore.Swagger 6.1
  • Swashbuckle.AspNetCore.SwaggerGen 6.1
  • Swashbuckle.AspNetCore.SwaggerUI 6.1

enter image description here

My code is as follows, in the Startup.cs I have the following for adding the location of the Swagger config

 public void ConfigureServices(IServiceCollection services)
             services.AddSwaggerGen(config =>
            {
                config.OperationFilter<SwaggerFilter>();
            });


public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "Swift Api V1");
                c.RoutePrefix = string.Empty;
            });

The Swaggerfilter code in it's entirety is

using Swashbuckle.AspNetCore.SwaggerGen;
using System.Collections.Generic;

namespace SwiftApi.Api
{
    public class SwaggerFilter : IOperationFilter
    {
        public void Apply(OpenApiOperation operation, OperationFilterContext context)
        {
            if (operation.Parameters == null)
                operation.Parameters = new List<OpenApiParameter>();

            operation.Parameters.Add(new OpenApiParameter
            {
                Name = "Authorization",
                In = ParameterLocation.Header,
                Schema = new OpenApiSchema { Type = "string" },
                Description = "API Key",
                Required = true
            });
        }
    }
}

However in method to check the value passed in the header, this is not found in my list of header values

enter image description here

Having looked online I cannot see anything I am doing wrong, but clearly I have omitted something, when I use Postman I can see the header value.

This is the first time I have tried doing this so It is likely I have missed something out, the question is what?

The values retrieved from Postman enter image description here

Any suggestions would be gratefully appreciated.

Gordon Barclay
  • 13
  • 1
  • 7
  • What you captured are the HTTP Headers that go into a request. You need to add to the HTTPRequest a new header for missing header. – jdweng Mar 22 '21 at 11:20
  • Can you expand on this please? – Gordon Barclay Mar 22 '21 at 11:32
  • See : https://github.com/domaindrivendev/Swashbuckle.WebApi/issues/501#issuecomment-143254123 – jdweng Mar 22 '21 at 11:45
  • Thanks for the link, but can you expand please as to what I should be doing, think of it as telling me which part I am missing rather than me having to guess please. As I indicated this is something I have not done before and therefore not sure which, if at all any, of the part of the above link I need to use - sorry. – Gordon Barclay Mar 22 '21 at 12:19
  • You have an HTTP Request which contains HTTP Headers. Swagger may call them something else, but they are HTTP Headers. You need to modify the headers. The title of the posting in my link is "How do I tell swashbuckle to add a required header". – jdweng Mar 22 '21 at 12:55
  • I understand that, but which part of the link do I follow? There are multiple suggestions as to what to do, some are no use because they don't refer to Swashbuckle.AspNetCore 6.n – Gordon Barclay Mar 22 '21 at 13:41
  • Do you think Core is any different from older versions? See : https://stackoverflow.com/questions/41493130/web-api-how-to-add-a-header-parameter-for-all-api-in-swagger – jdweng Mar 22 '21 at 13:47
  • Okay, forget it, all I need is the code that I am missing, not this obfuscation. Thanks anyway. – Gordon Barclay Mar 22 '21 at 13:51

1 Answers1

0

Okay, finally got this working myself, I added the following;

services.AddSwaggerGen(config =>
        {config.AddSecurityDefinition("Authorization", new 
OpenApiSecurityScheme()
            {
                Type = SecuritySchemeType.ApiKey,
                In = ParameterLocation.Header,
                Name = "Authorization",
                Description = "API Key",
                Scheme = "ApiKeyScheme"
            });
            var key = new OpenApiSecurityScheme()
            {
                Reference = new OpenApiReference
                {
                    Type = ReferenceType.SecurityScheme,
                    Id = "Authorization"
                },
                In = ParameterLocation.Header
            };

            var requirement = new OpenApiSecurityRequirement
            {
                {key, new List<string>() }
            };
            config.AddSecurityRequirement(requirement);

    config.SwaggerDoc("v1", new OpenApiInfo { Title = "API", Version= "v1"});

And removed the code; config.OperationFilter<SwaggerFilter>();

This was used to place the ApiKey parameter in Swagger here, which Is what I was trying to achieve. enter image description here

However it would seem that the Authorise should be called from here or clicking on the padlock icon on each of the controllers. enter image description here

I was trying to get the Parameter to work, but no matter what I did it was always returning a Null. Now I'm not sure if you have to use the new Authorize button that appears in Swagger when you apply the changes to the config, but It will do to test this in Swagger, I'd have preferred the API Key parameter, as shown in the first image, to have worked when I added the key and then extract this from the request header.

Nobody seems to be able to point me in either direction regarding this.

Gordon Barclay
  • 13
  • 1
  • 7