diff --git a/VERAG_REST_SERVER/App_Start/AddAuthTokenHeaderParamete.vb b/VERAG_REST_SERVER/App_Start/AddAuthTokenHeaderParamete.vb
new file mode 100644
index 0000000..10c0554
--- /dev/null
+++ b/VERAG_REST_SERVER/App_Start/AddAuthTokenHeaderParamete.vb
@@ -0,0 +1,30 @@
+'Imports System.Web.Http.Description
+'Imports System.Web.Http.Filters
+'Imports Microsoft.AspNetCore.Authorization
+'Imports Swashbuckle.Swagger
+
+'Public Class AddAuthTokenHeaderParameter
+' Implements IOperationFilter
+
+' Public Sub Apply(operation As Operation, schemaRegistry As SchemaRegistry, apiDescription As ApiDescription) Implements IOperationFilter.Apply
+
+' Dim filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline()
+' Dim isAuthorized = filterPipeline.Select(Function(s) s.Instance).Any(Function(sc) sc.GetType().Equals(GetType(IAuthorizationFilter)))
+
+' Dim allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any()
+
+' If isAuthorized And (Not allowAnonymous) Then
+' If operation.parameters Is Nothing Then
+' operation.parameters = New List(Of Parameter)
+' End If
+' operation.parameters.Add(New Parameter With {
+' .name = "Authorization",
+' .in = "header",
+' .description = "access token",
+' .required = True,
+' .type = "string"
+' })
+' End If
+
+' End Sub
+'End Class
diff --git a/VERAG_REST_SERVER/App_Start/AddAuthorizationHeaderParameterOperationFilter.vb b/VERAG_REST_SERVER/App_Start/AddAuthorizationHeaderParameterOperationFilter.vb
new file mode 100644
index 0000000..c6c71c3
--- /dev/null
+++ b/VERAG_REST_SERVER/App_Start/AddAuthorizationHeaderParameterOperationFilter.vb
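Review bot: AddAuthTokenHeaderParamete.vb is added with all 30 lines commented out and a truncated file name, so it contributes no code and only shadows the live AddAuthorizationHeaderParameterOperationFilter added in the same commit. The dead body is also not equivalent to the live one: `sc.GetType().Equals(GetType(IAuthorizationFilter))` compares a concrete runtime type with an interface type and can never match, unlike the `TypeOf filter Is IAuthorizationFilter` test in the live class, and it imports `Microsoft.AspNetCore.Authorization` into what looks like a System.Web.Http project. I would drop the file from the commit so nobody later un-comments the wrong variant of an auth-related filter.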
@@ -0,0 +1,34 @@
+Imports Newtonsoft.Json.Linq
+Imports Swashbuckle.Swagger
+Imports System.Web.Http
+Imports System.Web.Http.Description
+Imports System.Web.Http.Filters
+
+Public Class AddAuthorizationHeaderParameterOperationFilter
+ Implements IOperationFilter
+
+ Public Sub Apply(ByVal operation As Operation, ByVal schemaRegistry As SchemaRegistry, ByVal apiDescription As ApiDescription)
+ 'Dim myTokenAttribute = apiDescription.GetControllerAndActionAttributes(Of )().Any()
+ Dim filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline()
+ Dim isAuthorized = filterPipeline.[Select](Function(filterInfo) filterInfo.Instance).Any(Function(filter) TypeOf filter Is IAuthorizationFilter)
+ Dim allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any()
+
+ If isAuthorized AndAlso Not allowAnonymous Then
+ If operation.parameters Is Nothing Then
+ operation.parameters = New List(Of Parameter)
+ End If
+
+ operation.parameters.Add(New Parameter With {
+ .name = "Authorization",
+ .[in] = "header",
+ .description = "access token",
+ .required = True,
+ .type = "string"
+ })
+ End If
+ End Sub
+
+ Private Sub IOperationFilter_Apply(operation As Operation, schemaRegistry As SchemaRegistry, apiDescription As ApiDescription) Implements IOperationFilter.Apply
+ Apply(operation, schemaRegistry, apiDescription)
+ End Sub
+End Class
diff --git a/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb b/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb
index 58ddc36..ab6333b 100644
--- a/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb
+++ b/VERAG_REST_SERVER/App_Start/SwaggerConfig.vb
@@ -20,6 +20,8 @@ Public Class SwaggerConfig GlobalConfiguration.Configuration.EnableSwagger(Function(c) 'c.SingleApiVersion("v1", descr) + + c.PrettyPrint() c.MultipleApiVersions(Function(apiDesc, targetApiVersion) ResolveVersionSupportByRouteConstraint(apiDesc, targetApiVersion), Function(vc) 
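Review bot: The `Authorization` parameter added in `AddAuthorizationHeaderParameterOperationFilter.Apply` is described only as `"access token"`, while SwaggerConfig.vb in this same commit declares `c.BasicAuth("basic")`, so a consumer of the generated document cannot tell which scheme the header is expected to carry. If Basic is the intended scheme, name it in the text, e.g. `.description = "HTTP Basic credentials (Basic <base64 user:password>)",`. The class only annotates Swagger operations that already have an `IAuthorizationFilter` in their pipeline and authenticates nothing itself; a header comment such as `' Documentation only: adds the Authorization header to the Swagger output; it does not authenticate requests.` would keep it from being mistaken for an enforcement point. `Imports Newtonsoft.Json.Linq` and the commented `'Dim myTokenAttribute` line look unused and can be removed.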
@@ -27,18 +29,24 @@ Public Class SwaggerConfig vc.Version("v2", descr & " V2") vc.Version("v3", descr & " V3") End Function) - c.ApiKey("apiKey").Description("API Key Authentication").Name("apiKey").In("header") + 'c.OAuth2("oauth2").Description("OAuth2 Implicit Grant").Flow("implicit").AuthorizationUrl("http://petstore.swagger.wordnik.com/api/oauth/dialog").Scopes(Function(scopes) ' scopes.Add("read", "Read access to protected resources") ' scopes.Add("write", "Write access to protected resources") ' End Function) + c.BasicAuth("basic").Description("Basic HTTP Authentication") + c.OperationFilter(Of AddAuthorizationHeaderParameterOperationFilter)() + + + 'c.IncludeXmlComments($"{AppDomain.CurrentDomain.BaseDirectory}\bin\MyApi.XML") + 'c.RootUrl(Function(req) "http://localhost:58452/") End Function).EnableSwaggerUi(Function(c) c.DocumentTitle(descr) c.EnableDiscoveryUrlSelector() - c.DocExpansion(DocExpansion.List) - c.EnableApiKeySupport("apiKey", "header") + c.DocExpansion(DocExpansion.Full) + 'c.EnableOAuth2Support(clientId:="test-client-id", clientSecret:=Nothing, realm:="test-realm", appName:="Swagger UI", additionalQueryStringParams:=New Dictionary(Of String, String)() From { ' {"foo", "bar"} '}) diff --git a/VERAG_REST_SERVER/App_Start/WebApiConfig.vb b/VERAG_REST_SERVER/App_Start/WebApiConfig.vb index b37f493..9a4bfae 100644 --- a/VERAG_REST_SERVER/App_Start/WebApiConfig.vb +++ b/VERAG_REST_SERVER/App_Start/WebApiConfig.vb @@ -59,6 +59,7 @@ Public Module WebApiConfig Dim constraintsResolver = New DefaultInlineConstraintResolver() constraintsResolver.ConstraintMap.Add("apiVersion", GetType(ApiVersionRouteConstraint)) config.MapHttpAttributeRoutes(constraintsResolver) + 'config.Filters.Add(New AuthorizeAttribute) config.AddApiVersioning(Function(options) 
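Review bot: `c.BasicAuth("basic")` in SwaggerConfig.vb replaces the `apiKey` definition, but in Swashbuckle this call only adds a security definition to the generated document; nothing in this hunk makes the server validate credentials. Basic credentials are merely base64-encoded and are sent with every request, so the API and the Swagger UI should be served over HTTPS only; note that the commented `c.RootUrl` sample uses `http://`. Removing `c.EnableApiKeySupport("apiKey", "header")` also means the UI no longer sends an `apiKey` header, so if server-side code outside this diff still checks it, calls made from the UI will be rejected. The Register function starts and ends outside the hunk.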
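Review bot: The only enforcement line in this commit, `'config.Filters.Add(New AuthorizeAttribute)` in WebApiConfig.vb, is added commented out, so as far as this diff shows no authorization filter is registered globally. Consequently `isAuthorized` in AddAuthorizationHeaderParameterOperationFilter stays false for any action without its own filter, and `AVISOController.GetValue` still answers anonymous callers even though its new return text says "muss autorisiert werden!". Either enable the filter with `config.Filters.Add(New AuthorizeAttribute())`, together with an authentication handler that sets the request principal, and mark deliberately public actions with `<AllowAnonymous>`, or replace the commented line with a `' TODO` stating that all endpoints are unauthenticated until that lands. Register's body continues outside the hunk.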
@@ -78,27 +79,6 @@ Public Module WebApiConfig SwaggerConfig.Register(config) - ' config.Routes.MapHttpRoute( - ' name:="AVISORoute2", - ' routeTemplate:="api/v{version:apiVersion}/{controller}/{id}", - ' defaults:=New With {.id = RouteParameter.Optional} - ') - - ' 'TEST/ - ' config.Routes.MapHttpRoute( - ' name:="AVISORoute0TEST", - ' routeTemplate:="api/v{version:apiVersion}/{controller}/AVISO", - ' defaults:=New With {.id = RouteParameter.Optional} - ' ) - - - ' config.Routes.MapHttpRoute( - ' name:="AVISO", - ' routeTemplate:="api/v{version:apiVersion}/{controller}/{id}", - ' defaults:=New With {.id = RouteParameter.Optional, .Constraints = New Microsoft.Web.Http.Routing.ApiVersionRouteConstraint()} - ' ) - - End Sub diff --git a/VERAG_REST_SERVER/Controllers/V1/AvisoController/AVISOController.vb b/VERAG_REST_SERVER/Controllers/V1/AvisoController/AVISOController.vb index 1e7c6e1..85e32eb 100644 --- a/VERAG_REST_SERVER/Controllers/V1/AvisoController/AVISOController.vb +++ b/VERAG_REST_SERVER/Controllers/V1/AvisoController/AVISOController.vb @@ -7,11 +7,30 @@ Namespace ApiController.Controllers + Public Class AVISOController Inherits System.Web.Http.ApiController + + + 'If myTokenAttribute Then + + 'If operation.parameters Is Nothing Then + ' operation.parameters = New List(Of Parameter)() + ' End If + + ' operation.parameters.Add(New Parameter() With { + ' .name = "Authorization Token", + ' .[in] = "header", + ' .description = "my token description", + ' .required = True, + ' .type = "string" + ' }) + 'End If + + Public Function GetValue() As String - Return "Hello world!" + Return "Hello world! -> muss autorisiert werden!" End Function Public Function PostValue(ByVal API_AVISO As VERAG_PROG_ALLGEMEIN.cVERAG_in_TRAviso) As String diff --git a/VERAG_REST_SERVER/VERAG_REST_SERVER.vbproj b/VERAG_REST_SERVER/VERAG_REST_SERVER.vbproj index 7dc8f13..9539126 100644 --- a/VERAG_REST_SERVER/VERAG_REST_SERVER.vbproj +++ b/VERAG_REST_SERVER/VERAG_REST_SERVER.vbproj 
@@ -253,6 +253,8 @@ + +