Click here to Skip to main content
16,021,621 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hello,

I need help using Swagger in an Asp.Net Core 6.0 API and filtering endpoints.

The goal is that only the endpoints that should be available for a specific end customer are displayed on the Swagger website. And the generated swagger.json only contains the endpoints that are also listed on the website (index.html).

I've done a lot of research and found one or two things about it, but it just doesn't want to work. Basically, I've gotten so far that you can authorize yourself on the Swagger website and depending on which access data/which bearer token was entered and which roles/policies are behind it, only these endpoints are listed. In the swagger.json generated for this purpose, however, the appropriate endpoints are always not listed. And I've tried a lot, but nothing has changed anything.

I also inject a javascript file that adjusts Swagger's behavior so that a token is read and sent with every request. That works so far, but the swagger.json is still not correct and when the link of the swagger.json is called, no request is apparently sent, or the code here does not react to any of the implementations to extend the request with the token.

Maybe someone can help?

Best regards

What I have tried:

I have provided an example project at https://github.com/EdDeLa/SwaggerSecurityTrimmingV1 to give you an overview of the current progress and how to reproduce the error. In the Program.cs you will find the users that are created including the passwords. The data can then be used to authorize Swagger once the project has started. You can use the login endpoint for this. With the token that is then generated, you can authorize yourself at Swagger. In the Swagger dialog you have to enter the token in the following format "Bearer {Token}". Initially, only the login endpoint should be visible and if you log in as admin or user, further and different endpoints should be displayed. However, the generated swagger.json then always contains other endpoints, which is ultimately the problem.
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900