Reputation: 2223
How can I exclude an endpoint from requiring authentication/authorization in AspNetCore 3.1?
I'm upgrading a Web API project from AspNetCore 2.1 to 3.1 and unfortunately, post-upgrade our SwaggerUI page returns an HTTP 401 error when attempting to access it. How do I exclude a specific endpoint in AspNetCore 3.1 from requiring authentication and authorization to access it? I've been scouring the internet for the past few hours and haven't found anything pertaining to AspNetCore 3.1.
Upvotes: 1
Views: 2731
Answers (1)
Reputation: 2223
Okay so this fix is specific to Swagger only; I'm not sure how to implement this for other endpoints, but apparently if you move the Swagger code above the calls to services.AddAuthentication() and services.AddAuthorization() in your web services' Startup.cs files, this will allow the Swagger pages to be available without the user having to go through authentication and authorization.
Upvotes: 3
Related Questions
- Enabling authentication in swagger
- .NET-5 Hide swagger endpoints to unauthorized users
- Swagger UI - authentication only for some endpoints
- ASP.NET Core 6 - hide minimal API endpoint from swagger explorer
- NSwag's AspNetCoreOperationSecurityScopeProcessor marks all endpoints as requiring Authorization
- Exclude particular Web Api endpoint from the swagger UI
- How to protect swagger endpoint in .NET Core API?
- Asp.NET Core 2.2: Swagger endpoint specific security definition
- Restrict access to certain API controllers in Swagger using Swashbuckle and ASP.NET Identity
- Spring boot + Swagger UI how to tell endpoint to require bearer token