Edition 0 Updated to ASP.NET Core 0


Date: 12.07.2023
CHAPTER 5 | Designing and Developing Multi-Container and Microservice-Based .NET Applications

using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace OcelotApiGw
{
    public class Startup
    {
        private readonly IConfiguration _cfg;

        public Startup(IConfiguration configuration) => _cfg = configuration;

        public void ConfigureServices(IServiceCollection services)
        {
            var identityUrl = _cfg.GetValue<string>("IdentityUrl");
            // Name of the authentication scheme registered below.
            var authenticationProviderKey = "IdentityApiKey";
            //…
            services.AddAuthentication()
                .AddJwtBearer(authenticationProviderKey, x =>
                {
                    x.Authority = identityUrl;
                    // Allows fetching discovery metadata over plain HTTP;
                    // acceptable only in development environments.
                    x.RequireHttpsMetadata = false;
                    x.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
                    {
                        // Audiences the gateway accepts in incoming tokens.
                        ValidAudiences = new[] { "orders", "basket", "locations", "marketing", "mobileshoppingagg", "webshoppingagg" }
                    };
                });
            //...
        }
    }
}


Then, you also need to apply the [Authorize] attribute to any resource that requires authorization, such as the microservices, as in the following Basket microservice controller.

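using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Microsoft.eShopOnContainers.Services.Basket.API.Controllers
{
    [Route("api/v1/[controller]")]
    [Authorize] // every action in this controller requires an authenticated caller
    public class BasketController : Controller
    {
        //...
    }
}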

The ValidAudiences values, such as “basket”, correspond to the audience defined in each microservice with AddJwtBearer() in the ConfigureServices() method of the Startup class, as in the code below.

// Prevent the "sub" claim from being mapped to nameidentifier.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

var identityUrl = Configuration.GetValue<string>("IdentityUrl");

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.Authority = identityUrl;
    // Development-only setting: metadata may be fetched over plain HTTP.
    options.RequireHttpsMetadata = false;
    // Tokens must carry this audience to be accepted by the Basket service.
    options.Audience = "basket";
});

If you try to access any secured microservice, like the Basket microservice with a ReRoute URL based on the API Gateway like http://host.docker.internal:5202/api/v1/b/basket/1, then you’ll get a 401 Unauthorized unless you provide a valid token. On the other hand, if a ReRoute URL is authenticated, Ocelot will invoke whatever downstream scheme is associated with it (the internal microservice URL).
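
The audience correlation described above, as an added example that is not part of the original guide or of eShopOnContainers: it validates constructed tokens against the gateway's ValidAudiences list and against the Basket service's single audience, showing that a token for another listed audience passes the gateway's check but not the Basket service's. The symmetric demo key, the issuer URL and the "catalog" audience are assumptions made so the code runs offline (the real setup resolves signing keys from the Authority); it needs the System.IdentityModel.Tokens.Jwt package.

```csharp
// Added example: key, issuer and the "catalog" audience are constructed for the demo.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

const string issuer = "https://identity.example"; // constructed stand-in for IdentityUrl
var key = new SymmetricSecurityKey(
    Encoding.UTF8.GetBytes("constructed-demo-key-not-a-secret-0123456789"));
var handler = new JwtSecurityTokenHandler();

// Issue a short-lived token for one audience, signed with the demo key.
string Issue(string audience) => handler.WriteToken(new JwtSecurityToken(
    issuer: issuer,
    audience: audience,
    expires: DateTime.UtcNow.AddMinutes(5),
    signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

// Gateway: the same audience list as the Ocelot Startup on this page.
var gateway = new TokenValidationParameters
{
    ValidIssuer = issuer,
    IssuerSigningKey = key,
    ValidAudiences = new[] { "orders", "basket", "locations", "marketing",
                             "mobileshoppingagg", "webshoppingagg" }
};

// Basket service: options.Audience = "basket" is applied as ValidAudience.
var basket = new TokenValidationParameters
{
    ValidIssuer = issuer,
    IssuerSigningKey = key,
    ValidAudience = "basket"
};

// Validate signature, issuer, lifetime and audience; report audience failures.
string Check(string token, TokenValidationParameters p)
{
    try { handler.ValidateToken(token, p, out _); return "accepted"; }
    catch (SecurityTokenInvalidAudienceException) { return "rejected (audience)"; }
}

foreach (var aud in new[] { "basket", "orders", "catalog" })
{
    var token = Issue(aud);
    Console.WriteLine(
        $"aud={aud,-8} gateway: {Check(token, gateway),-20} basket: {Check(token, basket)}");
}
```

Because the gateway accepts any of its listed audiences, the per-service Audience setting is what keeps a token issued for one microservice from being honored by another.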
