Swagger is extremely useful when developing and debugging Web APIs. Some dev environments however got a bit of security added on top which can get a bit too painful to work around.<\/p>\n\n\n\n
It doesn’t need to be tedious! We’ll be looking at overriding Swagger-UI’s index page so we can plug a custom handler into\u00a0 I ended up having the following setup (some bits are omitted for brevity):<\/p>\n\n\n\nonComplete<\/code>\u00a0callback. Solution is extremely simple:<\/p>\n\n\n\nconfigObject<\/code> to add an OnComplete<\/code> callback handler so it will call preauthorizeApiKey<\/code><\/a> when the UI is ready<\/li>IndexStream<\/code> in UserSwaggerUI<\/code> extension method to serve the custom html<\/li><\/ol>\n\n\n\nwwwroot\/swashbuckle.html<\/h2>\n\n\n\n
<!-- your standard HTML here, nothing special -->\n<script>\n \/\/ some boilerplate initialisation\n \/\/ Begin Swagger UI call region\n configObject.onComplete = () => {\n\n \/\/ get the authorization portion of the query string\n var urlParams = new URLSearchParams(window.location.search);\n if (urlParams.has('authorization')) {\n var apikey = urlParams.get('authorization');\n\n \/\/ this is the important bit, see documentation\n ui.preauthorizeApiKey('api key', apikey );\/\/ key name must match the one you defined in AddSecurityDefinition method in Startup.cs\n }\n }\n const ui = SwaggerUIBundle(configObject);\n window.ui = ui \n}\n<\/script><\/code><\/pre>\n\n\n\nStartup.cs<\/h2>\n\n\n\n
public void ConfigureServices(IServiceCollection services)\n {\n .........\n services.AddSwaggerGen(c => {\n c.SwaggerDoc(\"v1\", new Info { Title = \"You api title\", Version = \"v1\" });\n c.AddSecurityDefinition(\"api key\", new ApiKeyScheme() \/\/ key name must match the one you supply to preauthorizeApiKey call in JS\n {\n Description = \"Authorization query string expects API key\",\n In = \"query\",\n Name = \"authorization\",\n Type = \"apiKey\"\n });\n\n var requirements = new Dictionary<string, IEnumerable<string>> {\n { \"api key\", new List<string>().AsEnumerable() }\n };\n c.AddSecurityRequirement(requirements);\n });\n }\n\n \/\/ This method gets called by the runtime. Use this method to configure the HTTP request pipeline.\n public void Configure(IApplicationBuilder app, IHostingEnvironment env)\n {\n app.UseSwagger();\n app.UseSwaggerUI(c =>\n {\n c.IndexStream = () => File.OpenRead(\"wwwroot\/swashbuckle.html\"); \/\/ this is the important bit. see documentation https:\/\/github.com\/domaindrivendev\/Swashbuckle.AspNetCore\/blob\/master\/README.md\n c.SwaggerEndpoint(\"\/swagger\/v1\/swagger.json\", \"My API V1\"); \/\/ very standard Swashbuckle init\n });\n app.UseMvc();\n }<\/code><\/pre>\n\n\n\n