I'm starting out with Swagger for my REST APIs. The primary goal is to generate server files for Nancy endpoints from a Swagger definition. I downloaded the sources and modified the generated files for Nancy to my needs using the api.moustache file.
Everything works fine except for one thing: some of the endpoints are protected, while some are not. In the documentation for the Swagger format I found that one can provide authentication information per endpoint. Now I want to access this info and, if authentication is needed, generate a RequireAuthentication() line in my Nancy module.
I located the moustache file and the Java file for the Nancy generator, but I cannot figure out where and how I can access the authentication info from the Swagger definition.
After more searching and exploring, I found out the way to edit moustache.api:
{{#operations}}{{#operation}}
{{#hasAuthMethods}}this.RequireAuthentication();{{/hasAuthMethods}}
{{/operation}}{{/operations}}
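A check to run against the Swagger definition before generating, added here as an example (not part of the original post or of swagger-codegen). It applies the Swagger 2.0 rule that an operation-level `security` list replaces the document-wide one, and that an empty list removes it, then reports which operations carry no requirement so the result can be compared with where `RequireAuthentication()` appears in the generated module. `SPEC`, its paths and its scheme names are constructed sample input.

```python
# Added example: lists which operations of a Swagger 2.0 document carry an
# effective security requirement. SPEC is constructed sample input.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch")

SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "name": "X-Api-Key", "in": "header"}
    },
    "security": [{"api_key": []}],  # document-wide default
    "paths": {
        "/health": {"get": {"operationId": "getHealth", "security": []}},
        "/orders": {
            "get": {"operationId": "listOrders"},
            "post": {"operationId": "createOrder", "security": [{"api_key": []}]},
        },
        "/admin/users": {"delete": {"security": [{"basic": []}]}},
    },
}

def effective_security(spec):
    """Return {(METHOD, path): [scheme names]} after applying override rules."""
    default = spec.get("security", [])
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # An operation-level "security" key replaces the default; [] clears it.
            reqs = op["security"] if "security" in op else default
            result[(method.upper(), path)] = sorted({n for r in reqs for n in r})
    return result

def audit(spec):
    """Return (operations with no requirement, operations naming undefined schemes)."""
    defined = set(spec.get("securityDefinitions", {}))
    eff = effective_security(spec)
    unprotected = sorted(k for k, v in eff.items() if not v)
    undefined = sorted(k for k, v in eff.items() if set(v) - defined)
    return unprotected, undefined

if __name__ == "__main__":
    unprotected, undefined = audit(SPEC)
    print("no authentication requirement:", unprotected)
    print("references undefined scheme:", undefined)
```

An operation in the second list names a scheme that `securityDefinitions` does not declare, which usually points to a typo in the definition rather than an intentionally open endpoint.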
I’m trying to get some direction as to where I could configure a set of webapi’s to require a set of request headers we’ll need for tracing purposes. We’re required to also generate an OpenAPI spec for these.
I’ve tried the approach here:
Web Api How to add a Header parameter for all API in Swagger
But this only generates the spec and doesn’t enforce the identified headers to be provided.
I did try the approach using the FromHeader attribute at the controller level, which did cover both of my requirements, but I need to be able to configure these headers using the appsettings configuration.
Is tapping into swagger and writing a custom middleware the only way to achieve what I’m looking for?
Thank you in advance!
To get started quickly with API Connect, I just want to import a Swagger spec of an existing service and make this service a managed API in API Connect.
API Connect provides an import function for YAML files, but the API cannot be tested.
I've seen this scenario several times, so I thought it might be useful to have some documentation on this.
When importing a swagger specification, you need to modify a few settings to transform this service definition into an API definition (even though they are quite similar). You need to modify the following parameters:
Schemes: https - The Gateway enforces HTTPS
Host: $(catalog.host) - This variable links to the current host (in a certain catalog)
Then, you need to build an assembly. The proxy policy is well suited for building facades, as all content from Headers, Body, etc. is re-routed. For the URL, enter the URL of the endpoint + a context variable that refers to the incoming path, like:
http://example.com$(request.path)
I have created a small video on YouTube to demonstrate the necessary steps.
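The adjustments listed above, applied to a spec held as a dict, as an added example that is not part of the original post or of API Connect. It assumes the imported spec's own `host` and `schemes` name the backend service, and the `x-ibm-configuration` assembly layout shown is an assumption about the API Connect extension block; `IMPORTED` is constructed sample input.

```python
# Added example: turns an imported Swagger 2.0 service definition into a
# gateway-facing API definition. IMPORTED is constructed sample input.
import copy

IMPORTED = {
    "swagger": "2.0",
    "info": {"title": "orders", "version": "1.0.0"},
    "host": "example.com",
    "schemes": ["http"],
    "basePath": "/v1",
    "paths": {"/orders": {"get": {"responses": {"200": {"description": "ok"}}}}},
}

def backend_target(spec):
    """Build the proxy target from the service's own scheme and host."""
    host = spec.get("host")
    if not host or host.startswith("$("):
        raise ValueError("spec has no concrete backend host to proxy to")
    # Assumption: fall back to http when the service spec lists no scheme.
    schemes = spec.get("schemes") or ["http"]
    scheme = "https" if "https" in schemes else schemes[0]
    # Endpoint URL plus the context variable for the incoming path.
    return f"{scheme}://{host}$(request.path)"

def to_managed_api(spec):
    """Return a copy with gateway settings and a proxy assembly added."""
    target = backend_target(spec)        # read before host is overwritten
    api = copy.deepcopy(spec)
    api["schemes"] = ["https"]           # the gateway enforces HTTPS
    api["host"] = "$(catalog.host)"      # resolved per catalog
    # Assumed layout of the API Connect extension block.
    api["x-ibm-configuration"] = {
        "assembly": {
            "execute": [{"proxy": {"title": "proxy", "target-url": target}}]
        }
    }
    return api

if __name__ == "__main__":
    import json
    print(json.dumps(to_managed_api(IMPORTED), indent=2))
```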
From the Ahoy repository's examples (see the README), in the basic example, they do use XML Comments to generate some metadata for Swagger to serve up. However, they only configure it if the app is in the Development configuration. See that specific setup here.
However, what if we want to keep the metadata generated by the XML comments for our production environment? Do you suggest deploying with XML Comments enabled - does it matter? What are you currently doing? Is there a better way?
I'm creating an API that will be consumed by other developers. I want the metadata I've placed in XML comments to be out there for those developers to see in production, not just the Swashbuckle-generated things from the ASP.NET Core annotations.
I am getting myself familiar with all the stuff related to authentication using active directory (both Azure AD and Windows Server AD).
Currently I am inspecting MS Katana project which is based on OWIN specification.
There are three libraries and one of them is kind of confusing for me:
Microsoft.Owin.Security.ActiveDirectory
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.WsFederation
As for OpenId and WsFederation I understand what they are for, there are plenty of examples and articles about that.
What confuses me is the purpose of the ActiveDirectory library. I mean, is this another way to authenticate against Active Directory besides OpenId and WsFederation?
I am unable to find any relevant, clear articles and examples about this one. Even on this site the library is only listed, with no example:
Azure Active Directory Authentication Libraries
So my question is: what is this library for, and what are the use cases for using it over the OpenIdConnect and WsFederation ways?
Thanks
That library contains middleware used for securing Web API with Azure AD. Any sample featuring a web API project in https://github.com/AzureADSamples/ uses it.
I'd like to create a website with authentication using REST framework. Well I'd not like to use it because I didn't understand everything about it, but I have to.
Can I use the REST API and yet have custom templates for administration and simple browsing?
What I mean is that when I did the REST tutorial (on their website), I didn't see at all where I could put my templates instead of the ones generated by REST. How can I, for example, use the authentication of REST with my interface, my web template?
I cannot figure out what you mean by custom templates.
In case you want to begin with REST, you may start with the Jersey framework. For security you may use OpenID or the latest OAuth 2.0 specs.
Here is my tutorial for REST + OAuth2.0
http://restful-fundamentals.blogspot.in/2013/02/rest-and-http.html
http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Google code repo: http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html