diff --git a/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs b/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs
index a2797fb..ae23755 100644
--- a/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs
+++ b/Falcon.SugarApi/Swagger/SwaggerBasicAuthMiddleware.cs
@@ -1,7 +1,6 @@
 using Microsoft.AspNetCore.Http;
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Net;
 using System.Net.Http.Headers;
 using System.Text;
@@ -11,6 +10,7 @@ namespace Falcon.SugarApi.Swagger
 {
     /// <summary>
     /// Swagger接口基础认证
+    /// <para>安全认证只对swagger接口页面进行保护</para>
     /// </summary>
     public class SwaggerBasicAuthMiddleware
     {
@@ -47,12 +47,15 @@ namespace Falcon.SugarApi.Swagger
                 await ToNext(context);
                 return;
             }
+            var protectPaths = new List<string> { };
             var pf = this.Options.Prefix.StartsWith("/") ? this.Options.Prefix : "/" + this.Options.Prefix;
-            if(!context.Request.Path.StartsWithSegments(pf)) {
+            protectPaths.Add(pf);
+            protectPaths.Add(pf + "/index.html");
+            if(!protectPaths.Contains(context.Request.Path)) {
                 await ToNext(context);
                 return;
             }
-            string authHeader = context.Request.Headers["Authorization"];
+            string? authHeader = context.Request.Headers["Authorization"];
             if(authHeader == null || !authHeader.StartsWith("Basic ")) {
                 needAuth(context);
                 return;