0

I’m working on a Rest Api with ASP Net Core 1.0. I use Swashbuckle 6.0.0-beta902 to generate à nice documentation. This documentation come with a Swagger's UI (accessible by swagger/ui/index.htm).

So I want to configure my application to require authenticated users for accessing the swagger/ui/ URL. Indeed, I want to restrict access to the documentation, only for allowed users.

With ASP Net Core 1.0, we just have to add a [Authorize] on a Class or a Method for require authenticated users. But how to defined that an URL need a authenticated user ?

Waldo
  • 1,070
  • 1
  • 11
  • 30

1 Answers1

0

I think, from Asp.Net Core, all your Swagger files should be considered as static files to be served to the client, that you should then put in wwwroot folder. I don't know a built-in way to add an authentication on top of static files, but you could create a small middleware to do that.

Looks a lot like: How do I serve static files only to authorized users in ASP.NET 5?

Alternatively, I imagine you could create a controller to server those swagger files, but it might not be a very good practice here.

Community
  • 1
  • 1
Daboul
  • 2,635
  • 1
  • 16
  • 29