Swagger-Net supporting API Key authentication

Question

We are using token authentication in our WebAPI application. Every call (other then method which obtains key) uses same pattern.

Authorization: our-token v01544b7dce-95c1-4406-ad4d-b29202d0776c

We implemented authentication using Attribute and IActionFilter

Controllers look like so:

[RoutePrefix("api/tms/auth")]
    public class AuthController : BaseController
    {
        public ISecurityService SecurityService { get; set; }

        [TokenAuth]
        [Route("logout")]
        [HttpPost]
        public HttpResponseMessage Logout()
        {
            try
            {
                this.SecurityService.InvalidateAccessToken(this.StaticContextWrapperService.AccountId, token, HttpContext.Current.Request.UserHostAddress);

                // Return OK status
                return new HttpResponseMessage(HttpStatusCode.OK);
            }
            catch (LoginException le)
            {
                return this.LogoutFailureResponse(le.Message);
            }
        }


        private HttpResponseMessage LogoutFailureResponse(string message)
        {
            return new HttpResponseMessage(HttpStatusCode.BadRequest)
            {
                Content = new StringContent(message, Encoding.UTF8, "text/plain")
            };
        }
    }

Swagger config has following:

c.ApiKey("our-token", "header", "Our Token Authentication");

Swagger UI showing "Authorize" button and I can paste token into field on popup. However, no headers passed in any tests. And no methods have "lock" icon on them.

EDIT:

I also tried:

c.ApiKey("our-token", "header", "Our Token Authentication", typeof(TokenAuthAttribute));

Where attribute is just attribute:

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
    public class TokenAuthAttribute : Attribute
    {
    }

Then we use IActionFilter to check if attribute applied to method and thats where we check for permission. This is done to use service via DI.

EDIT2:

I made change to how Attribute declared:

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
        public class TokenAuthAttribute : AuthorizeAttribute
        {
        }

After than Swagger UI started to show all methods as secured, so it does analyze that it's in fact AuthorizeAttribute, not just Attribute

After that it started to put header like so: our-token: ZGV2OnYwMTA2YjZmYjdhLWRlNTUtNDZlNC1hN2Q4LTYxMjgwNTg2M2FiZQ==

Where it should be: Authorization: our-token GV2OnYwMTA2YjZmYjdhLWRlNTUtNDZlNC1hN2Q4LTYxMjgwNTg2M2FiZQ==

Answer 1

If I'm not mistaken you should have:

c.ApiKey("our-token", "header", "Our Token Authentication", typeof(TokenAuthAttribute));

With that in place, all the actions tagged with TokenAuth should show a lock icon

---

You can see it in action in one of mine:
https://turoapi.azurewebsites.net/swagger/ui/index

And the code behind that is here:
https://github.com/heldersepu/TuroApi/blob/master/TuroApi/App_Start/SwaggerConfig.cs#L67

---