In this blog, I will be sharing insights on how to effectively manage Conditional Authorization and Swagger Customization.
Case 1
I'm currently working on a problem our QA team found while testing our website. Specifically, there's an issue with one of the features in the application that uses an API. In the QA environment, we need to allow access without authentication, but in the production environment, authentication is required.
To fix this, I added a Conditional Authorize Attribute driven by an environment variable. It lets us control access to the API based on the environment, allowing anonymous access when necessary.
In my situation, I set the environment variable "ASPNETCORE_ENVIRONMENT" to "QA" in the testing site's pipeline. Because of this, I can use the API on the QA server without requiring authentication.
This method also helps apply specific authorization rules for the API based on the environment.
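One way such an attribute can be written, as an added example that is not the code from the original post. The filter body, the `AnonymousEnvironments` allow-list and `ReportsController` are hypothetical names, and the sketch assumes the application has a default authentication scheme configured.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ConditionalAuthorizeAttribute : Attribute, IAuthorizationFilter
{
    // Hypothetical allow-list: only these environments may skip authentication.
    private static readonly string[] AnonymousEnvironments = { "QA" };

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var services = context.HttpContext.RequestServices;
        var env = services.GetRequiredService<IWebHostEnvironment>();

        // EnvironmentName comes from ASPNETCORE_ENVIRONMENT; IsEnvironment ignores case.
        if (AnonymousEnvironments.Any(name => env.IsEnvironment(name)))
        {
            // Log every bypass so anonymous access stays visible in the logs.
            services.GetRequiredService<ILogger<ConditionalAuthorizeAttribute>>()
                .LogWarning("Authentication skipped for {Path} in environment {Env}",
                    context.HttpContext.Request.Path, env.EnvironmentName);
            return;
        }

        // Every other environment: reject callers that are not authenticated.
        if (context.HttpContext.User.Identity?.IsAuthenticated != true)
        {
            context.Result = new ChallengeResult();
        }
    }
}

[ApiController]
[Route("api/[controller]")]
public class ReportsController : ControllerBase // hypothetical controller
{
    [HttpGet]
    [ConditionalAuthorize]
    public IActionResult Get() => Ok(new { status = "ok" });
}
```

Because the allow-list is matched by name, any environment not listed still requires authentication, including an unset ASPNETCORE_ENVIRONMENT, which ASP.NET Core treats as Production. The filter checks only that the caller is authenticated; role or policy checks would have to be added separately.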
Case 2
Additionally, I've wrapped Swagger requests in a value object to meet specific requirements in Swagger.
By extending the Swashbuckle Swagger IOperationFilter, I integrated logic tailored to our needs.
This approach allows us to customize requests in Swagger for all APIs directly.
Furthermore, I've implemented a middleware designed to handle responses and here's how it works.
This helps you modify the response to produce the needed outcome.
These implementations provide a flexible solution for conditionally authorizing API access and wrapping request/response in an object according to specified requirements.
I'm working as a Software Developer at MagnusMinds IT Solution. I bring 3+ years of professional experience to the table. My expertise spans a range of technologies, including .NET Framework, .NET Core, MVC, ASP.NET, Entity Framework, ADO.NET, SQL, PostgreSQL, C#, Azure DevOps, and Microservices.