Documentation on securing swagger UI endpoint

Some development teams want to expose Swagger UI in production (our templates only expose it in development by default) - but still want to limit who can see the swagger document. We need some documentation that discusses approaches for doing this. Conventional wisdom on Stack Overflow probably isn't correct where folks use middleware with varying degrees of correctness.

Instead it is possible with more recent versions of Swashbuckle to do this:

```csharp
app.MapSwagger().RequireAuthorization("policyname");
```


---
#### Document Details

⚠ *Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.*

* ID: f34eea37-51a4-6227-f5ed-6501624ad045
* Version Independent ID: 2994cf60-0cb7-afa2-20b8-7e2b1117f964
* Content: [ASP.NET Core web API documentation with Swagger / OpenAPI](https://learn.microsoft.com/en-us/aspnet/core/tutorials/web-api-help-pages-using-swagger?view=aspnetcore-7.0)
* Content Source: [aspnetcore/tutorials/web-api-help-pages-using-swagger.md](https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/tutorials/web-api-help-pages-using-swagger.md)
* Product: **aspnet-core**
* Technology: **aspnetcore-tutorials**
* GitHub Login: @RicoSuter
* Microsoft Alias: **scaddie**




---
[Associated WorkItem - 148470](https://dev.azure.com/msft-skilling/Content/_workitems/edit/148470)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Documentation on securing swagger UI endpoint #30067

Document Details

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Documentation on securing swagger UI endpoint #30067

Description

Document Details

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions