修改接口项目

  在上次的项目基础上,分别修改两个api项目的startup.cs

  

 public void ConfigureServices(IServiceCollection services)

        {

            var audienceConfig = Configuration.GetSection("Audience");

            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"]));

            var tokenValidationParameters = new TokenValidationParameters

            {

                ValidateIssuerSigningKey = true,

                IssuerSigningKey = signingKey,

                ValidateIssuer = true,

                ValidIssuer = audienceConfig["Iss"],

                ValidateAudience = true,

                ValidAudience = audienceConfig["Aud"],

                ValidateLifetime = true,

                ClockSkew = TimeSpan.Zero,

                RequireExpirationTime = true,

            };

            services.AddAuthentication(o =>

                {

                    o.DefaultAuthenticateScheme = "TestKey";

                })

                .AddJwtBearer("TestKey", x =>

                {

                    x.RequireHttpsMetadata = false;

                    x.TokenValidationParameters = tokenValidationParameters;

                });

            //services.AddConsulConfig(Configuration);

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        }

  修改配置文件

  

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  //"Consul": {

  //  "Host": "http://192.168.2.29:8500"

  //},

  "Service": {

    "Name": "ApiService",

    "IP": "192.168.2.16",

    "Port": ""

  },

  "Consul": {

    "IP": "192.168.2.29",

    "Port": ""

  },

  "Audience": {

    "Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",

    "Iss": "http://www.c-sharpcorner.com/members/catcher-wong",

    "Aud": "Catcher Wong"

  }

}

  在接口的action中加入[Authorize]属性

  

[Authorize]

        [HttpGet]

        public string Count()

        {

            return $"Count {++_count} from ApiServices1";

        }

加入Identity

  新建webapi项目 。将authapi项目也加入到consul中。所以要新建health控制器,新建一个授权控制器,修改startup.cs

  

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

namespace Test.WebApi.AuthServer.Controllers

{

    [Produces("application/json")]

    [Route("api/[controller]")]

    [ApiController]

    public class HealthController : ControllerBase

    {

        [HttpGet]

        public IActionResult Get() => Ok("ok");

    }

}
using System;

using System.Collections.Generic;

using System.IdentityModel.Tokens.Jwt;

using System.Linq;

using System.Security.Claims;

using System.Text;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

using Microsoft.Extensions.Options;

using Microsoft.IdentityModel.Tokens;

namespace Test.WebApi.AuthServer.Controllers

{

    [Route("authapi/[controller]")]

    [ApiController]

    public class AuthController : ControllerBase

    {

        private IOptions<Audience> _settings;

        public AuthController(IOptions<Audience> settings)

        {

            this._settings = settings;

        }

        [HttpGet]

        public ActionResult Get(string name, string pwd)

        {

            //just hard code here.

            if (name == "catcher" && pwd == "")

            {

                var now = DateTime.UtcNow;

                var claims = new Claim[]

                {

                    new Claim(JwtRegisteredClaimNames.Sub, name),

                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),

                    new Claim(JwtRegisteredClaimNames.Iat, now.ToUniversalTime().ToString(), ClaimValueTypes.Integer64)

                };

                var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.Value.Secret));

                var tokenValidationParameters = new TokenValidationParameters

                {

                    ValidateIssuerSigningKey = true,

                    IssuerSigningKey = signingKey,

                    ValidateIssuer = true,

                    ValidIssuer = _settings.Value.Iss,

                    ValidateAudience = true,

                    ValidAudience = _settings.Value.Aud,

                    ValidateLifetime = true,

                    ClockSkew = TimeSpan.Zero,

                    RequireExpirationTime = true,

                };

                var jwt = new JwtSecurityToken(

                    issuer: _settings.Value.Iss,

                    audience: _settings.Value.Aud,

                    claims: claims,

                    notBefore: now,

                    expires: now.Add(TimeSpan.FromMinutes()),

                    signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)

                );

                var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

                var responseJson = new

                {

                    access_token = encodedJwt,

                    expires_in = (int)TimeSpan.FromMinutes().TotalSeconds

                };

                return new JsonResult(responseJson);

            }

            else

            {

                return new JsonResult("");

            }

        }

    }

    public class Audience

    {

        public string Secret { get; set; }

        public string Iss { get; set; }

        public string Aud { get; set; }

    }

}

修改 startup.cs

  // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)

        {

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            services.AddOptions();

            services.Configure<Controllers.Audience>(Configuration.GetSection("Audience"));

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

        public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime)

        {

            if (env.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

            else

            {

                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.

                app.UseHsts();

            }

            ConsulService consulService = new ConsulService()

            {

                IP = Configuration["Consul:IP"],

                Port = Convert.ToInt32(Configuration["Consul:Port"])

            };

            HealthService healthService = new HealthService()

            {

                IP = Configuration["Service:IP"],

                Port = Convert.ToInt32(Configuration["Service:Port"]),

                Name = Configuration["Service:Name"],

            };

            app.RegisterConsul(lifetime, healthService, consulService);

            app.UseHttpsRedirection();

            app.UseMvc();

        }

配置文件

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  "Service": {

    "Name": "AuthService",

    "IP": "192.168.2.16",

    "Port": ""

  },

  "Consul": {

    "IP": "192.168.2.29",

    "Port": ""

  },

  "Audience": {

    "Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",

    "Iss": "http://www.c-sharpcorner.com/members/catcher-wong",

    "Aud": "Catcher Wong"

  }

}

发布后,部署到IIS中,端口9003

参考链接:

https://www.cnblogs.com/xlxr45/p/11321134.html

修改网关项目

配置文件configuration.json

{

  "ReRoutes": [

    {

      "UseServiceDiscovery": true,

      "DownstreamPathTemplate": "/api/{url}",

      "DownstreamScheme": "http",

      "ServiceName": "ApiService",

      "LoadBalancerOptions": {

        "Type": "RoundRobin"

      },

      "UpstreamPathTemplate": "/api/{url}",

      "UpstreamHttpMethod": [ "Get" ],

      "ReRoutesCaseSensitive": false

    },

    {

      "UseServiceDiscovery": true,

      "DownstreamPathTemplate": "/authapi/{url}",

      "DownstreamScheme": "http",

      "ServiceName": "AuthService",

      "LoadBalancerOptions": {

        "Type": "RoundRobin"

      },

      "UpstreamPathTemplate": "/authapi/{url}",

      "UpstreamHttpMethod": [ "Get" ],

      "ReRoutesCaseSensitive": false

    }

  ],

  "GlobalConfiguration": {

    "ServiceDiscoveryProvider": {

      "Host": "192.168.2.29",

      "Port": ,

      "Type": "PollConsul",

      "PollingInterval":

    }

  }

}

运行效果

新建一个cmd项目,测试下

class Program

    {

        static void Main(string[] args)

        {

            HttpClient client = new HttpClient();

            client.DefaultRequestHeaders.Clear();

            client.BaseAddress = new Uri("http://localhost:9000");

            // 1. without access_token will not access the service

            //    and return 401 .

            var resWithoutToken = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"Sending Request to /api/Counter/Count , without token.");

            Console.WriteLine($"Result : {resWithoutToken.StatusCode}");

            //2. with access_token will access the service

            //   and return result.

            client.DefaultRequestHeaders.Clear();

            Console.WriteLine("\nBegin Auth....");

            var jwt = GetJwt();

            Console.WriteLine("End Auth....");

            Console.WriteLine($"\nToken={jwt}");

            client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwt}");

            var resWithToken = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"\nSend Request to /api/Counter/Count , with token.");

            Console.WriteLine($"Result : {resWithToken.StatusCode}");

            Console.WriteLine(resWithToken.Content.ReadAsStringAsync().Result);

            //3. visit no auth service

            Console.WriteLine("\nNo Auth Service Here ");

            client.DefaultRequestHeaders.Clear();

            var res = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"Send Request to /api/Counter/Count");

            Console.WriteLine($"Result : {res.StatusCode}");

            Console.WriteLine(res.Content.ReadAsStringAsync().Result);

            Console.Read();

        }

        private static string GetJwt()

        {

            HttpClient client = new HttpClient();

            client.BaseAddress = new Uri( "http://localhost:9000");

            client.DefaultRequestHeaders.Clear();

            var res2 = client.GetAsync("/authapi/auth?name=catcher&pwd=123").Result;

            dynamic jwt = JsonConvert.DeserializeObject(res2.Content.ReadAsStringAsync().Result);

            return jwt.access_token;

        }

    }

postman测试下。

先获取access_token

将access_token放到header中

如果不加入header中,则会报500错误

04 .NET CORE 2.2 使用OCELOT -- identity认证授权的更多相关文章

  1. (10)学习笔记 ) ASP.NET CORE微服务 Micro-Service ---- Ocelot+Identity Server

    用 JWT 机制实现验证的原理如下图:  认证服务器负责颁发 Token(相当于 JWT 值)和校验 Token 的合法性. 一. 相关概念 API 资源(API Resource):微博服务器接口. ...

  2. ocelot 自定义认证和授权

    ocelot 自定义认证和授权 Intro 最近又重新启动了网关项目,服务越来越多,每个服务都有一个地址,这无论是对于前端还是后端开发调试都是比较麻烦的,前端需要定义很多 baseUrl,而后端需要没 ...

  3. .net core gRPC与IdentityServer4集成认证授权

    前言 随着.net core3.0的正式发布,gRPC服务被集成到了VS2019.本文主要演示如何对gRPC的服务进行认证授权. 分析 目前.net core使用最广的认证授权组件是基于OAuth2. ...

  4. .net core使用Ocelot+Identity Server统一网关验证

    源码下载地址:下载 项目结构如下图: 在Identity Server授权中,实现IResourceOwnerPasswordValidator接口: public class IdentityVal ...

  5. asp.net core网关Ocelot的简单介绍& Ocelot集成Identity认证

    文章简介  Ocelot网关简介 Ocelot集成Idnetity认证处理 Ocelot网关简介 Ocelot是一个基于netcore实现的API网关,本质是一组按特定顺序排列的中间件.Ocelot内 ...

  6. (8)学习笔记 ) ASP.NET CORE微服务 Micro-Service ---- Ocelot网关(Api GateWay)

    说到现在现有微服务的几点不足: 1) 对于在微服务体系中.和 Consul 通讯的微服务来讲,使用服务名即可访问.但是对于手 机.web 端等外部访问者仍然需要和 N 多服务器交互,需要记忆他们的服务 ...

  7. ASP.NET Core Web API 索引 (更新Identity Server 4 视频教程)

    GraphQL 使用ASP.NET Core开发GraphQL服务器 -- 预备知识(上) 使用ASP.NET Core开发GraphQL服务器 -- 预备知识(下) [视频] 使用ASP.NET C ...

  8. ASP.NET Core 2.1 Web API + Identity Server 4 + Angular 6 + Angular Material 实战小项目视频

    视频简介 ASP.NET Core Web API + Angular 6的教学视频 我是后端开发人员, 前端的Angular部分讲的比较差一些, 可以直接看代码!!!! 这是一个小项目的实战视频, ...

  9. net core 2.0 web api + Identity Server 4 + angular 5

    net core 2.0 web api + Identity Server 4 + angular 5前台使用angular 5, 后台是asp.net core 2.0 web api + ide ...

随机推荐

  1. Jenkins的CI持续集成

    Jenkins的CI持续集成 全局配置 系统管理->全局工具配置,配置Git,JDK和Maven 1)解压maven到当前目录 tar zxf apache-maven-3.5.4-bin.ta ...

  2. 实时人流量监测——海康威视sdk初体验

    本文主要是博主使用海康SDK进行人流量统计的摸索过程,在这里简单记录一下. 查询文档,能实现人流量统计大概有两种方式,报警或者监听, 这边我选择了监听方式,NET_DVR_StartListen_V3 ...

  3. Python的爬虫利器之urllib

    urllib包 urllib是一个包含几个模块来处理请求的库:  - urllib.request发送http请求  - urllib.error处理请求过程中出现的异常  - urllib.pars ...

  4. Linux内存管理(最透彻的一篇)【转】

    转自:https://www.cnblogs.com/ralap7/p/9184773.html 摘要:本章首先以应用程序开发者的角度审视Linux的进程内存管理,在此基础上逐步深入到内核中讨论系统物 ...

  5. Python3字典排序

    创建一个字典 dict1={'a':2,'b':3,'c':8,'d':4} 1.分别取键.值 取字典的所有键,所有的值,利用dict1.keys(),dict1.vaules(), 由于键,值有很多 ...

  6. 基于Arduino和python的串口通信和上位机控制

    引言 经常的时候我们要实现两个代码之间的通信,比如说两个不同不同人写的代码要对接,例如将python指令控制Arduino控件的开关,此处使用串口通信是非常方便的,下面笔者将结合自己踩过的坑来讲述下自 ...

  7. windows API下的模板缓冲(stencil buffer)

    在windows API搭建的OpenGL窗口中使用模板缓冲,需要在像素格式描述表中设置stencil buffer位宽为8,这样窗口会自动生成stencil buffer,然后可以在opengl环境 ...

  8. 201871010124-王生涛《面向对象程序设计(java)》第十三周学习总结

    项目 内容 这个作业属于哪个课程 <任课教师博客主页链接>https://www.cnblogs.com/nwnu-daizh/ 这个作业的要求在哪里 <作业链接地址>http ...

  9. win7系统中右键新建没有写字板

    问题描述: win7系统中右键新建没有写字板 解决方案: 1. 按下Win+R后输入regedit打开注册表. (可以使用组合键ALT+ 键盘上的左键, 对展开的注册表项进行折叠方可查看) 2.定位到 ...

  10. 5 Ways AI is Transforming the Finance Industry

    https://marutitech.com/ways-ai-transforming-finance/ As global technology has evolved over the years ...