SwaggerBasicAuthMiddleware for securing swagger docs does not work with jwt authorize authentication

Question

SwaggerBasicAuthMiddleware for securing swagger docs does not work with jwt authorize authentication

Tony 61

Good day guys,

I have been trying to secure swagger docs using SwaggerBasicAuthMiddleware where it will authenticate the user before accessing the documentation and viewing of the methods. This part does work well. But the other part where i want to use jwt for accessing the methods and sending of post requests. Does not work having both. if i remove the SwaggerBasicAuthMiddleware for authentication of swagger ui. It starts to work with jwt and i can send request and get the token.

for example this is the secured part which works well.

User's image

But after accessing the the docs and methods. The authentication method to authorize the api with jwt does not work.

any help will be appreciated

thank you

Anonymous

2023-02-24T06:24:15.96+00:00

Hi @Tony

Can you share the relates code about the SwaggerBasicAuthMiddleware?

Tony 61

Hi @Anonymous ,

here is the full code for SwaggerBasicAuthMiddleware

 public class SwaggerBasicAuthMiddleware
    {
        private readonly RequestDelegate _requestDelegate;
        private readonly SqlConnectionConfiguration _connectionConfiguration;

        public SwaggerBasicAuthMiddleware(RequestDelegate requestDelegate, SqlConnectionConfiguration connectionConfiguration)
        {
            _requestDelegate = requestDelegate;
            _connectionConfiguration = connectionConfiguration;
        }

        public async Task InvokeAsync(HttpContext context) 
        {
            if (context.Request.Path.StartsWithSegments("/swagger"))
            {
                string authHeader = context.Request.Headers["Authorization"];
                if (authHeader != null && authHeader.StartsWith("Basic ")) 
                {
                    //Get the credentials from request header
                    var header = AuthenticationHeaderValue.Parse(authHeader);
                    var inBytes = Convert.FromBase64String(header.Parameter ?? "");
                    var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
                    var username = credentials[0];
                    var password = credentials[1];

                    //validate credentials
                    if (IsLoginValid(username,password)) 
                    {
                        await _requestDelegate.Invoke(context).ConfigureAwait(false);
                        return;
                    }
                    else
                    {
                        context.Response.StatusCode = (int)HttpStatusCode.NetworkAuthenticationRequired;
                    }
                }
                context.Response.Headers["WWW-Authenticate"] = "Basic";
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }
        }

//extension class

 public static class AuthorizedSwaggerExtention
    {
        public static IApplicationBuilder UseSwaggerAuthorized(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<SwaggerBasicAuthMiddleware>();
        }
    }

//controller for generation of jwt for authorizing methods.

 public class LoginController : ControllerBase
    {
        [HttpPost]
        public IActionResult Login(LoginDTO loginDTO)
        {
            try
            {
                if (string.IsNullOrEmpty(loginDTO.Username) || string.IsNullOrEmpty(loginDTO.Password))
                {
                    return BadRequest("Username and/or Password not specified");
                }

                if (loginDTO.Username.Equals("****") && loginDTO.Password.Equals("############"))
                {
                    var secreteKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("
                    var signinCredentials = new SigningCredentials(secreteKey, SecurityAlgorithms.HmacSha256);
                    var jwtSecurityToken = new JwtSecurityToken(
                        issuer: "Intelligentgaming",
                        audience: "https://localhost:7087/swagger/index.html",
                        claims: new List<Claim>(),
                        expires: DateTime.Now.AddMinutes(20),
                        signingCredentials: signinCredentials);
                    return Ok(new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken));
                }
            }
            catch (Exception)
            {

                return BadRequest("An error occured in generating the token");
            }
            return Unauthorized();
        }
}
my Program class looks like this

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Newtonsoft.Json.Serialization;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Text;
using Stratechv2.Models;
using Microsoft.Extensions.Options;
using Stratechv2.Class;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

//builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
//builder.Services.AddControllers();
builder.Services.AddControllersWithViews()
                .AddNewtonsoftJson(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
var sqlConnectionConfiguration = new SqlConnectionConfiguration(builder.Configuration.GetConnectionString("SqlDbContext"));
builder.Services.AddSingleton(sqlConnectionConfiguration);

builder.Services.AddAuthentication(opt =>
{
    opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,

        ValidIssuer = "Tony",
        ValidAudience = "https://localhost:7087/swagger/index.html",
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("################"))
    };
});

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    options.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo
    {
        Title = "credit API",
        Version = "v2",
        Description = "Creditv2"
    });

    options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Description = "Please enter a valid token",
        Name = "Authorization",
        Type = SecuritySchemeType.Http,
        BearerFormat = "JWT",
        Scheme = "bearer"
    });

    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference
                {
                    Type=ReferenceType.SecurityScheme,
                    Id="Bearer"
                }
            },
            new string[] {}
        }
    });
    
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
 app.UseDeveloperExceptionPage();
  
}
app.UseAuthentication();

app.UseSwaggerAuthorized();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
#if DEBUG

    c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
    c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
    c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#else
        
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
        c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
        c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#endif
});





app.UseStaticFiles();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});
//app.MapControllers();
app.Run();

on the main controller i have a method which is marked with authorize. when i comment out the middleware class the authorize starts to work and i can generate the jwt token. but as soon as i remove it from comments and try to generate the jwt key which i will use to access the methods. it does not work. it returns 200 ok.

   
        [HttpPost]
        [Authorize]
        [Route("verify")]
       public ActionResult verifyaccount([FromBody] VerifyAccount Verify)
        {

Tony 61

Hi @Anonymous ,

here is the full code for SwaggerBasicAuthMiddleware,

1st part SwaggerbasicAuthMiddleware
2nd part Extension method to the SwaggerBasicAuthMiddleware
3rd part the Login to generate the jwt token used for a brear token for each request.
The problem comes when i have secured using the middleware and having the protected part of the api with jwt token not working.


 public class SwaggerBasicAuthMiddleware
    {
        private readonly RequestDelegate _requestDelegate;
        private readonly SqlConnectionConfiguration _connectionConfiguration;

        public SwaggerBasicAuthMiddleware(RequestDelegate requestDelegate, SqlConnectionConfiguration connectionConfiguration)
        {
            _requestDelegate = requestDelegate;
            _connectionConfiguration = connectionConfiguration;
        }

        public async Task InvokeAsync(HttpContext context) 
        {
            if (context.Request.Path.StartsWithSegments("/swagger"))
            {
                string authHeader = context.Request.Headers["Authorization"];
                if (authHeader != null && authHeader.StartsWith("Basic ")) 
                {
                    //Get the credentials fro request header
                    var header = AuthenticationHeaderValue.Parse(authHeader);
                    var inBytes = Convert.FromBase64String(header.Parameter ?? "");
                    var credentials = Encoding.UTF8.GetString(inBytes).Split(':');
                    var username = credentials[0];
                    var password = credentials[1];

                    //validate credentials
                    if (IsLoginValid(username,password)) 
                    {
                        await _requestDelegate.Invoke(context).ConfigureAwait(false);
                        return;
                    }
                    else
                    {
                        context.Response.StatusCode = (int)HttpStatusCode.NetworkAuthenticationRequired;
                    }
                }
                context.Response.Headers["WWW-Authenticate"] = "Basic";
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }
        }
}
//extension method for the middleware
 public static class AuthorizedSwaggerExtention
    {
        public static IApplicationBuilder UseSwaggerAuthorized(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<SwaggerBasicAuthMiddleware>();
        }
    }
////Program file
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Newtonsoft.Json.Serialization;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Text;
using Stratechv2.Models;
using Microsoft.Extensions.Options;
using Stratechv2.Class;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

//builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
//builder.Services.AddControllers();
builder.Services.AddControllersWithViews()
                .AddNewtonsoftJson(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
var sqlConnectionConfiguration = new SqlConnectionConfiguration(builder.Configuration.GetConnectionString("SqlDbContext"));
builder.Services.AddSingleton(sqlConnectionConfiguration);

builder.Services.AddAuthentication(opt =>
{
    opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,

        ValidIssuer = "Intelligent",
        ValidAudience = "https://localhost:7087/swagger/index.html",
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("#################"))
    };
});

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    options.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo
    {
        Title = "credit API",
        Version = "v2",
        Description = "Creditv2"
    });

    options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Description = "Please enter a valid token",
        Name = "Authorization",
        Type = SecuritySchemeType.Http,
        BearerFormat = "JWT",
        Scheme = "bearer"
    });

    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference
                {
                    Type=ReferenceType.SecurityScheme,
                    Id="Bearer"
                }
            },
            new string[] {}
        }
    });
    
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
 app.UseDeveloperExceptionPage();
  
}
app.UseAuthentication();

app.UseSwaggerAuthorized();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
#if DEBUG

    c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
    c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
    c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#else
        
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
        c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
        c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#endif
});





app.UseStaticFiles();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});
//app.MapControllers();
app.Run();

//login Controller

 public class LoginController : ControllerBase
    {
        [HttpPost]
        public IActionResult Login(LoginDTO loginDTO)
        {
            try
            {
                if (string.IsNullOrEmpty(loginDTO.Username) || string.IsNullOrEmpty(loginDTO.Password))
                {
                    return BadRequest("Username and/or Password not specified");
                }

                if (loginDTO.Username.Equals("*****") && loginDTO.Password.Equals("**********"))
                {
                    var secreteKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("################"));
                    var signinCredentials = new SigningCredentials(secreteKey, SecurityAlgorithms.HmacSha256);
                    var jwtSecurityToken = new JwtSecurityToken(
                        issuer: "Intelligent",
                        audience: "https://localhost:7087/swagger/index.html",
                        claims: new List<Claim>(),
                        expires: DateTime.Now.AddMinutes(1),
                        signingCredentials: signinCredentials);
                    return Ok(new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken));
                }
            }
            catch (Exception)
            {

                return BadRequest("An error occured in generating the token");
            }
            return Unauthorized();
        }
        [HttpPost]
        [Authorize]
        [Route("verify")]
       public ActionResult verifyaccount([FromBody] VerifyAccount Verify)
        {

Accepted answer

0 additional answers

Your answer

Anonymous

2023-02-24T06:24:15.96+00:00

Hi @Tony

Can you share the relates code about the SwaggerBasicAuthMiddleware?

Answer 1

Hi @Tony

According to your code, I create a sample with the following code, the Swagger authentication and JWT authentication works well.

Program.cs

using ApiWebApplication.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidAudience = builder.Configuration["Jwt:Issuer"],
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]))
        };
    });
builder.Services.AddSwaggerGen(c => {
    c.SwaggerDoc("v1", new OpenApiInfo
    {
        Title = "JWTToken_Auth_API",
        Version = "v1"
    });
    c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
    {
        Name = "Authorization",
        Type = SecuritySchemeType.Http,
        Scheme = "Bearer",
        BearerFormat = "JWT",
        In = ParameterLocation.Header,
        Description = "Please enter a valid token",
    });
    c.AddSecurityRequirement(new OpenApiSecurityRequirement {
        {
            new OpenApiSecurityScheme {
                Reference = new OpenApiReference {
                    Type = ReferenceType.SecurityScheme,
                        Id = "Bearer"
                }
            },
            new string[] {}
        }
    });
});
var app = builder.Build();
 
app.UseAuthorization();

app.UseSwaggerAuthorized(); 
app.UseSwagger();
app.UseSwaggerUI(c =>
{
#if DEBUG

    c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
    c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
    c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#else
        
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2");
        c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css");
        c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript");
#endif
});

app.UseHttpsRedirection(); 

app.MapControllers(); 
app.Run();

SwaggerBasicAuthMiddleware class:

    public class SwaggerBasicAuthMiddleware
    {
        private readonly RequestDelegate next;

        public SwaggerBasicAuthMiddleware(RequestDelegate next)
        {
            this.next = next;
        }

        public async Task InvokeAsync(HttpContext context)
        {
            //Make sure we are hitting the swagger path, and not doing it locally as it just gets annoying :-)
            if (context.Request.Path.StartsWithSegments("/swagger"))
            {
                string authHeader = context.Request.Headers["Authorization"];
                if (authHeader != null && authHeader.StartsWith("Basic "))
                {
                    // Get the encoded username and password
                    var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim();

                    // Decode from Base64 to string
                    var decodedUsernamePassword = Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword));

                    // Split username and password
                    var username = decodedUsernamePassword.Split(':', 2)[0];
                    var password = decodedUsernamePassword.Split(':', 2)[1];

                    // Check if login is correct
                    if (IsAuthorized(username, password))
                    {
                        await next.Invoke(context);
                        return;
                    }
                }

                // Return authentication type (causes browser to show login dialog)
                context.Response.Headers["WWW-Authenticate"] = "Basic";

                // Return unauthorized
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }
            else
            {
                await next.Invoke(context);
            }
        }

        public bool IsAuthorized(string username, string password)
        {
            // Check that username and password are correct
            return username.Equals("Admin", StringComparison.InvariantCultureIgnoreCase)
                    && password.Equals("a123");
        }  
    }

SwaggerAuthorizeExtensions class:

    public static class SwaggerAuthorizeExtensions
    {
        public static IApplicationBuilder UseSwaggerAuthorized(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<SwaggerBasicAuthMiddleware>();
        }
    }

The login controller:

    [Route("api/[controller]")]
    [ApiController]
    public class LoginController : ControllerBase
    {
        private IConfiguration _config;

        public LoginController(IConfiguration config)
        {
            _config = config;
        }
        [AllowAnonymous]
        [HttpPost]
        public IActionResult Login([FromBody] LoginDTO login)
        {
            IActionResult response = Unauthorized();
            var user = AuthenticateUser(login);

            if (user != null)
            {
                var tokenString = GenerateJSONWebToken(user);
                response = Ok(new { token = tokenString });
            }

            return response;
        }

        [HttpPost]
        [Authorize]
        [Route("verify")]
        public ActionResult verifyaccount([FromBody] VerifyAccount Verify)
        {
            return Ok("Success");
        }

        private string GenerateJSONWebToken(LoginDTO userInfo)
        {
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(_config["Jwt:Issuer"],
              _config["Jwt:Issuer"],
              null,
              expires: DateTime.Now.AddMinutes(120),
              signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        private LoginDTO AuthenticateUser(LoginDTO login)
        {
            LoginDTO user = null;

            //Validate the User Credentials    
            //Demo Purpose, I have Passed HardCoded User Information    
            if (login.Username == "admin")
            {
                user = new LoginDTO { Username = "admin", EmailAddress = "******@gmail.com" };
            }
            return user;
        }
    }

The result as below:

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,

Dillion

Tony 61 Reputation points

2023-02-28T22:08:47.3833333+00:00

Hi @Anonymous ,

Thanks for the feedback.

just have these questions.

which version of visual studio are you using?
did you use .net 6 core for this api?

I'm using visual studio Microsoft Visual Studio 2022 (64-bit) - Current

Version 17.5.1 with .net 6 core selected framework for the api. Im able to get to a point where i do get unauthorized response if i try to access the method without the token. But as for generating the token. It still a mystery on my side. it just returns 200 status code message. see below screen shot

this is when accessing the method without the token. which is correct error response

generating token getting 200 status success without the token.

in the program file. I have it set like this below.

when i comment out this line below. The login method starts to generate the token.

app.UseSwaggerAuthorized();

app.UseStaticFiles(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseSwaggerAuthorized(); app.UseSwagger(); app.UseSwaggerUI(c => { #if DEBUG c.SwaggerEndpoint("/swagger/v1/swagger.json", "credit API v2"); c.InjectStylesheet("/swagger-custom/swagger-custom-styles.css"); c.InjectJavascript("/swagger-custom/swagger-custom-script.js", "text/javascript"); #else c.SwaggerEndpoint("/webservices/Stratechv2/swagger/v1/swagger.json", "credit API v2"); c.InjectStylesheet("/webservices/Stratechv2/swagger-custom/swagger-custom-styles.css"); c.InjectJavascript("/webservices/Stratechv2/swagger-custom/swagger-custom-script.js", "text/javascript"); #endif }); app.UseHttpsRedirection(); app.MapControllers(); app.Run();

kind regards

Tony
Anonymous

2023-03-01T08:25:26.2733333+00:00

Hi @Tony

I'm using VS 2022 17.5.1 version and the Api version is .Net 7.

I tried to downgrade the API version to Asp.net 6, the application keeps showing the 401 error, even I give the correct JWT token. But if I migrate it to Asp.net 7, it works well. So, try to migrate the application from Asp.net 6 to Asp.net 7.

The .csproj file: you can change the TragetFramework to net7.0 and upgrade the installed package to 7.0.X version.

<Project Sdk="Microsoft.NET.Sdk.Web"> <PropertyGroup> <TargetFramework>net7.0</TargetFramework> <Nullable>enable</Nullable> <ImplicitUsings>enable</ImplicitUsings> </PropertyGroup> <ItemGroup> <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.3" /> <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" /> </ItemGroup> </Project>

Best regards,
Dillion
Tony 61 Reputation points

2023-03-03T14:47:43.19+00:00

Good day @Anonymous ,

after i spent a day, to figure out why its not working on .net 6. i find it very interesting. could it be that its feature thats not available on .net 6 core web api? or its a bug related which is yet to be fixed?

converting to .net 7 still didnt solve the problem. But creating a new project with .net 7 indeed it works as expected :)

i think there is some limitation on .net 6. Im still trying to figure out why its not working on it.

kind regards

Tony

Share via

SwaggerBasicAuthMiddleware for securing swagger docs does not work with jwt authorize authentication

0 additional answers

Your answer