cancel
Showing results for 
Search instead for 
Did you mean: 

How to restrict and disable Swagger url which is exposed to internet worldwide.

Occasional Visitor

How to restrict and disable Swagger url which is exposed to internet worldwide.

We have a web application(based on microservices) where UI API is exposed and every call from UI goes to Gateway API and based on request we redirect it to respective Apis. So in gateway we decrypt the encrpted email id coming from Ui and do further authentication. We are using swagger documentation for Gateway API to expose methods . We have configured Swagger in our project(built on .NET core) in Startup.cs . The issue is currently the swagger url is exposed to everyone across internet. We want to restrict only for microsoft internal users for which we want to use Azure Active Directory for authentication but we are not able to figure out how to add AAD authentication to swagger pipeline. When the user enters swagger url he should be redirected to AAD login page and then redirects to swagger url if at all he has ben authenticated. How to add authentication at url level only for swagger?We don't want to change our existing authentication for other APIs and also want to add authentication which works for swagger independently. Can someone share some insights?