学海无涯

导航

Swagger 页面登录验证中间件(Basic认证)

 

 

企业微信截图_17786521583540

 

1. Program.cs

// Configure the HTTP request pipeline.
//if (app.Environment.IsDevelopment())
{
    // 核心:注册Swagger登录验证中间件(必须在 UseSwagger 之前)
    app.UseMiddleware<SwaggerBasicAuthMiddleware>();
    app.UseSwagger();
    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1"));
}

2. 中间件 SwaggerBasicAuthMiddleware

using System.Net;
using System.Text;

namespace WebApplicationIIS
{

    /// <summary>
    /// Swagger 页面登录验证中间件(Basic认证)
    /// </summary>
    public class SwaggerBasicAuthMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly string _username;
        private readonly string _password;

        public SwaggerBasicAuthMiddleware(RequestDelegate next,IConfiguration configuration)
        {
            _next = next;
            // 从配置读取账号密码,避免硬编码
            _username = configuration.GetSection("AppSettings")["SwaggerAuth:Username"] ?? "admin";
            _password = configuration.GetSection("AppSettings")["SwaggerAuth:Password"] ?? "123456";
        }

        public async Task InvokeAsync(HttpContext context)
        {
            // 只拦截 Swagger 相关请求(/swagger、/swagger/index.html)
            if (context.Request.Path.StartsWithSegments("/swagger",StringComparison.OrdinalIgnoreCase))
            {
                // 1. 获取请求头中的认证信息
                string authHeader = context.Request.Headers["Authorization"];
                if (authHeader != null && authHeader.StartsWith("Basic ",StringComparison.OrdinalIgnoreCase))
                {
                    // 2. 解码账号密码
                    var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();
                    var decodedUsernamePassword = Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword));
                    var username = decodedUsernamePassword.Split(':', 2)[0];
                    var password = decodedUsernamePassword.Split(':', 2)[1];

                    // 3. 验证账号密码
                    if (username.Equals(_username) && password.Equals(_password))
                    {
                        await _next(context);
                        return;
                    }
                }

                // 4. 未认证/认证失败:弹出登录弹窗
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                context.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Swagger UI\"");
                return;
            }

            // 非Swagger请求,直接放行
            await _next(context);
        }
    }
}

3. appsetting.json

 "AppSettings": {
   "SiteName": "HangfireMRPWorkerService",
   "SwaggerAuth": {
     "Username": "admin",
     "Password": "@Lg123456$"
   }


 }

 

posted on 2026-05-13 14:04  宁静致远.  阅读(10)  评论(0)    收藏  举报