Let's talk about Ocelot gateway using IdentityServer4 authentication

  [[387801]]

This article is reprinted from the WeChat public account "UP Technology Control", the author is conan5566. Please contact the UP Technology Control public account for reprinting this article.

Overview

Ocelot is an open source API gateway technology implemented in .NET Core. IdentityServer4 is a framework for ASP.NET Core based on OpenID Connect and OAuth2.0, which exists in the form of middleware. OAuth is an authorization mechanism. The system generates a short-term token to replace the password for use by third-party applications.

Let's take a look at how to implement Ocelot's unified authentication based on IdentityServer4.

Main code implementation

1. Create a new authentication project and install id4 using nuget

2. appsettings.json configuration

 {
 "Logging" : {
 "LogLevel" : {
 "Default" : "Warning"  
 }
 },
 "SSOConfig" : {
 "ApiResources" : [
 {
 "Name" : "testapi" ,
 "DisplayName" : "testapiname"  
 }
 ],
 "Clients" : [
 {
 "ClientId" : "a" ,
 "ClientSecrets" : [ "aa" ],
 "AllowedGrantTypes" : "ClientCredentials" ,
 "AllowedScopes" : [ "testapi" ]
 }
 ]
 },
 "AllowedHosts" : "*"  
 }

 public   static IEnumerable<ApiResource> GetApiResources(IConfigurationSection section )
 {
            List<ApiResource> resource = new List<ApiResource>();
            if ( section != null )
 {
                List<ApiConfig> configs = new List<ApiConfig>();
 section .Bind( "ApiResources" , configs);
                foreach (var config in configs)
 {
                    resource. Add (new ApiResource(config. Name , config.DisplayName));
 }
 }
 return resource.ToArray();
 } 
 
 /// <summary>
 /// Define trusted client Client
 /// </summary>
        /// < returns ></ returns >
 public   static IEnumerable<Client> GetClients(IConfigurationSection section )
 {
            List<Client> clients = new List<Client>();
            if ( section != null )
 {
                List<ClientConfig> configs = new List<ClientConfig>();
 section .Bind( "Clients" , configs);
                foreach (var config in configs)
 {
                    Client client = new Client();
                    client.ClientId = config.ClientId;
                    List<Secret> clientSecrets = new List<Secret>();
                    foreach (var secret in config.ClientSecrets)
 {
                        clientSecrets.Add (new Secret(secret.Sha256()));
 }
                    client.ClientSecrets = clientSecrets.ToArray();
                    GrantTypes grantTypes = new GrantTypes();
                    var allowedGrantTypes = grantTypes.GetType().GetProperty(config.AllowedGrantTypes);
                    client.AllowedGrantTypes = allowedGrantTypes == null ?
 GrantTypes.ClientCredentials: (ICollection<string>)allowedGrantTypes.GetValue(grantTypes, null );
                    client.AllowedScopes = config.AllowedScopes.ToArray();
                    clients.Add (client) ;
 }
 }
 return clients.ToArray();
 }

3. Startup configuration

 public void ConfigureServices(IServiceCollection services)
 {
            var section = Configuration.GetSection( "SSOConfig" );
            services.AddIdentityServer()
         .AddDeveloperSigningCredential()
         .AddInMemoryApiResources(SSOConfig.GetApiResources( section ))
         .AddInMemoryClients(SSOConfig.GetClients( section ));
            services.AddControllers().SetCompatibilityVersion(CompatibilityVersion.Latest);
 } 
 
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
            if (env.IsDevelopment())
 {
                app.UseDeveloperExceptionPage();
 } 
 
 app.UseRouting(); 
 
            // app.UseAuthorization();
            app.UseIdentityServer(); 
 
            app.UseEndpoints(endpoints =>
 {
                endpoints.MapControllers();
 });
 }

4. Gateway project configuration

 <ItemGroup>
    <PackageReference Include= "IdentityServer4.AccessTokenValidation" Version= "3.0.1" />
    <PackageReference Include= "Ocelot" Version= "14.0.3" />
 </ItemGroup>

 {
 "DownstreamPathTemplate" : "/connect/token" ,
 "DownstreamScheme" : "http" ,
 "DownstreamHostAndPorts" : [
 {
 "Host" : "localhost" ,
 "Port" : 5002
 }
 ],
 "UpstreamPathTemplate" : "/token" ,
 "UpstreamHttpMethod" : [ "Post" ],
 "Priority" : 2
 },

 var identityBuilder = services.AddAuthentication();
            IdentityServerConfig identityServerConfig = new IdentityServerConfig();
            Configuration.Bind( "IdentityServerConfig" , identityServerConfig);
            if (identityServerConfig != null && identityServerConfig.Resources != null )
 {
                foreach (var resource in identityServerConfig.Resources)
 {
                    identityBuilder.AddIdentityServerAuthentication( resource.Key , options =>
 {
                        options.Authority = $ "http://{identityServerConfig.IP}:{identityServerConfig.Port}" ;
                        options.RequireHttpsMetadata = false ;
                        options.ApiName = resource.Name ;
                        options.SupportedTokens = SupportedTokens.Both;
 });
 }
 } 
 
            // services.AddControllers();
            services.AddOcelot(Configuration);

test

1. No token is added for access, 401 is returned

2. Get access token

3. Access the interface with token