修改接口项目

  在上次的项目基础上,分别修改两个api项目的startup.cs

  

 public void ConfigureServices(IServiceCollection services)

        {

            var audienceConfig = Configuration.GetSection("Audience");

            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"]));

            var tokenValidationParameters = new TokenValidationParameters

            {

                ValidateIssuerSigningKey = true,

                IssuerSigningKey = signingKey,

                ValidateIssuer = true,

                ValidIssuer = audienceConfig["Iss"],

                ValidateAudience = true,

                ValidAudience = audienceConfig["Aud"],

                ValidateLifetime = true,

                ClockSkew = TimeSpan.Zero,

                RequireExpirationTime = true,

            };

            services.AddAuthentication(o =>

                {

                    o.DefaultAuthenticateScheme = "TestKey";

                })

                .AddJwtBearer("TestKey", x =>

                {

                    x.RequireHttpsMetadata = false;

                    x.TokenValidationParameters = tokenValidationParameters;

                });

            //services.AddConsulConfig(Configuration);

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

        }

  修改配置文件

  

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  //"Consul": {

  //  "Host": "http://192.168.2.29:8500"

  //},

  "Service": {

    "Name": "ApiService",

    "IP": "192.168.2.16",

    "Port": ""

  },

  "Consul": {

    "IP": "192.168.2.29",

    "Port": ""

  },

  "Audience": {

    "Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",

    "Iss": "http://www.c-sharpcorner.com/members/catcher-wong",

    "Aud": "Catcher Wong"

  }

}

  在接口的action中加入[Authorize]属性

  

[Authorize]

        [HttpGet]

        public string Count()

        {

            return $"Count {++_count} from ApiServices1";

        }

加入Identity

  新建webapi项目 。将authapi项目也加入到consul中。所以要新建health控制器,新建一个授权控制器,修改startup.cs

  

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

namespace Test.WebApi.AuthServer.Controllers

{

    [Produces("application/json")]

    [Route("api/[controller]")]

    [ApiController]

    public class HealthController : ControllerBase

    {

        [HttpGet]

        public IActionResult Get() => Ok("ok");

    }

}
using System;

using System.Collections.Generic;

using System.IdentityModel.Tokens.Jwt;

using System.Linq;

using System.Security.Claims;

using System.Text;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

using Microsoft.Extensions.Options;

using Microsoft.IdentityModel.Tokens;

namespace Test.WebApi.AuthServer.Controllers

{

    [Route("authapi/[controller]")]

    [ApiController]

    public class AuthController : ControllerBase

    {

        private IOptions<Audience> _settings;

        public AuthController(IOptions<Audience> settings)

        {

            this._settings = settings;

        }

        [HttpGet]

        public ActionResult Get(string name, string pwd)

        {

            //just hard code here.

            if (name == "catcher" && pwd == "")

            {

                var now = DateTime.UtcNow;

                var claims = new Claim[]

                {

                    new Claim(JwtRegisteredClaimNames.Sub, name),

                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),

                    new Claim(JwtRegisteredClaimNames.Iat, now.ToUniversalTime().ToString(), ClaimValueTypes.Integer64)

                };

                var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.Value.Secret));

                var tokenValidationParameters = new TokenValidationParameters

                {

                    ValidateIssuerSigningKey = true,

                    IssuerSigningKey = signingKey,

                    ValidateIssuer = true,

                    ValidIssuer = _settings.Value.Iss,

                    ValidateAudience = true,

                    ValidAudience = _settings.Value.Aud,

                    ValidateLifetime = true,

                    ClockSkew = TimeSpan.Zero,

                    RequireExpirationTime = true,

                };

                var jwt = new JwtSecurityToken(

                    issuer: _settings.Value.Iss,

                    audience: _settings.Value.Aud,

                    claims: claims,

                    notBefore: now,

                    expires: now.Add(TimeSpan.FromMinutes()),

                    signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)

                );

                var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

                var responseJson = new

                {

                    access_token = encodedJwt,

                    expires_in = (int)TimeSpan.FromMinutes().TotalSeconds

                };

                return new JsonResult(responseJson);

            }

            else

            {

                return new JsonResult("");

            }

        }

    }

    public class Audience

    {

        public string Secret { get; set; }

        public string Iss { get; set; }

        public string Aud { get; set; }

    }

}

修改 startup.cs

  // This method gets called by the runtime. Use this method to add services to the container.

        public void ConfigureServices(IServiceCollection services)

        {

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            services.AddOptions();

            services.Configure<Controllers.Audience>(Configuration.GetSection("Audience"));

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

        public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime)

        {

            if (env.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

            else

            {

                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.

                app.UseHsts();

            }

            ConsulService consulService = new ConsulService()

            {

                IP = Configuration["Consul:IP"],

                Port = Convert.ToInt32(Configuration["Consul:Port"])

            };

            HealthService healthService = new HealthService()

            {

                IP = Configuration["Service:IP"],

                Port = Convert.ToInt32(Configuration["Service:Port"]),

                Name = Configuration["Service:Name"],

            };

            app.RegisterConsul(lifetime, healthService, consulService);

            app.UseHttpsRedirection();

            app.UseMvc();

        }

配置文件

{

  "Logging": {

    "LogLevel": {

      "Default": "Warning"

    }

  },

  "AllowedHosts": "*",

  "Service": {

    "Name": "AuthService",

    "IP": "192.168.2.16",

    "Port": ""

  },

  "Consul": {

    "IP": "192.168.2.29",

    "Port": ""

  },

  "Audience": {

    "Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",

    "Iss": "http://www.c-sharpcorner.com/members/catcher-wong",

    "Aud": "Catcher Wong"

  }

}

发布后,部署到IIS中,端口9003

参考链接:

https://www.cnblogs.com/xlxr45/p/11321134.html

修改网关项目

配置文件configuration.json

{

  "ReRoutes": [

    {

      "UseServiceDiscovery": true,

      "DownstreamPathTemplate": "/api/{url}",

      "DownstreamScheme": "http",

      "ServiceName": "ApiService",

      "LoadBalancerOptions": {

        "Type": "RoundRobin"

      },

      "UpstreamPathTemplate": "/api/{url}",

      "UpstreamHttpMethod": [ "Get" ],

      "ReRoutesCaseSensitive": false

    },

    {

      "UseServiceDiscovery": true,

      "DownstreamPathTemplate": "/authapi/{url}",

      "DownstreamScheme": "http",

      "ServiceName": "AuthService",

      "LoadBalancerOptions": {

        "Type": "RoundRobin"

      },

      "UpstreamPathTemplate": "/authapi/{url}",

      "UpstreamHttpMethod": [ "Get" ],

      "ReRoutesCaseSensitive": false

    }

  ],

  "GlobalConfiguration": {

    "ServiceDiscoveryProvider": {

      "Host": "192.168.2.29",

      "Port": ,

      "Type": "PollConsul",

      "PollingInterval":

    }

  }

}

运行效果

新建一个cmd项目,测试下

class Program

    {

        static void Main(string[] args)

        {

            HttpClient client = new HttpClient();

            client.DefaultRequestHeaders.Clear();

            client.BaseAddress = new Uri("http://localhost:9000");

            // 1. without access_token will not access the service

            //    and return 401 .

            var resWithoutToken = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"Sending Request to /api/Counter/Count , without token.");

            Console.WriteLine($"Result : {resWithoutToken.StatusCode}");

            //2. with access_token will access the service

            //   and return result.

            client.DefaultRequestHeaders.Clear();

            Console.WriteLine("\nBegin Auth....");

            var jwt = GetJwt();

            Console.WriteLine("End Auth....");

            Console.WriteLine($"\nToken={jwt}");

            client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwt}");

            var resWithToken = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"\nSend Request to /api/Counter/Count , with token.");

            Console.WriteLine($"Result : {resWithToken.StatusCode}");

            Console.WriteLine(resWithToken.Content.ReadAsStringAsync().Result);

            //3. visit no auth service

            Console.WriteLine("\nNo Auth Service Here ");

            client.DefaultRequestHeaders.Clear();

            var res = client.GetAsync("/api/Counter/Count").Result;

            Console.WriteLine($"Send Request to /api/Counter/Count");

            Console.WriteLine($"Result : {res.StatusCode}");

            Console.WriteLine(res.Content.ReadAsStringAsync().Result);

            Console.Read();

        }

        private static string GetJwt()

        {

            HttpClient client = new HttpClient();

            client.BaseAddress = new Uri( "http://localhost:9000");

            client.DefaultRequestHeaders.Clear();

            var res2 = client.GetAsync("/authapi/auth?name=catcher&pwd=123").Result;

            dynamic jwt = JsonConvert.DeserializeObject(res2.Content.ReadAsStringAsync().Result);

            return jwt.access_token;

        }

    }

postman测试下。

先获取access_token

将access_token放到header中

如果不加入header中,则会报500错误

04 .NET CORE 2.2 使用OCELOT -- identity认证授权的更多相关文章

  1. (10)学习笔记 ) ASP.NET CORE微服务 Micro-Service ---- Ocelot+Identity Server

    用 JWT 机制实现验证的原理如下图:  认证服务器负责颁发 Token(相当于 JWT 值)和校验 Token 的合法性. 一. 相关概念 API 资源(API Resource):微博服务器接口. ...

  2. ocelot 自定义认证和授权

    ocelot 自定义认证和授权 Intro 最近又重新启动了网关项目,服务越来越多,每个服务都有一个地址,这无论是对于前端还是后端开发调试都是比较麻烦的,前端需要定义很多 baseUrl,而后端需要没 ...

  3. .net core gRPC与IdentityServer4集成认证授权

    前言 随着.net core3.0的正式发布,gRPC服务被集成到了VS2019.本文主要演示如何对gRPC的服务进行认证授权. 分析 目前.net core使用最广的认证授权组件是基于OAuth2. ...

  4. .net core使用Ocelot+Identity Server统一网关验证

    源码下载地址:下载 项目结构如下图: 在Identity Server授权中,实现IResourceOwnerPasswordValidator接口: public class IdentityVal ...

  5. asp.net core网关Ocelot的简单介绍& Ocelot集成Identity认证

    文章简介  Ocelot网关简介 Ocelot集成Idnetity认证处理 Ocelot网关简介 Ocelot是一个基于netcore实现的API网关,本质是一组按特定顺序排列的中间件.Ocelot内 ...

  6. (8)学习笔记 ) ASP.NET CORE微服务 Micro-Service ---- Ocelot网关(Api GateWay)

    说到现在现有微服务的几点不足: 1) 对于在微服务体系中.和 Consul 通讯的微服务来讲,使用服务名即可访问.但是对于手 机.web 端等外部访问者仍然需要和 N 多服务器交互,需要记忆他们的服务 ...

  7. ASP.NET Core Web API 索引 (更新Identity Server 4 视频教程)

    GraphQL 使用ASP.NET Core开发GraphQL服务器 -- 预备知识(上) 使用ASP.NET Core开发GraphQL服务器 -- 预备知识(下) [视频] 使用ASP.NET C ...

  8. ASP.NET Core 2.1 Web API + Identity Server 4 + Angular 6 + Angular Material 实战小项目视频

    视频简介 ASP.NET Core Web API + Angular 6的教学视频 我是后端开发人员, 前端的Angular部分讲的比较差一些, 可以直接看代码!!!! 这是一个小项目的实战视频, ...

  9. net core 2.0 web api + Identity Server 4 + angular 5

    net core 2.0 web api + Identity Server 4 + angular 5前台使用angular 5, 后台是asp.net core 2.0 web api + ide ...

随机推荐

  1. 用Random产生1到10之间的一个随机数

    bat中怎样用Random产生1到10之间的一个随机数? 当然是用%random%,示例: @echo off rem 用Random产生1到10之间的一个随机数 set num=%random% s ...

  2. windows elasticsearch搭集群启动失败failed to send join request to master....

    创建几份elasticsearch副本,修改各自config\elasticsearch.yml配置文件: 第一份: #允许elasticsearch跨域访问,使用elasticsearch-head ...

  3. Django框架 --序列化组件(serializer)

    一 .Django自带序列化组件 Django内置的serializers(把对象序列化成json字符串) from django.core import serializers from djang ...

  4. firewalld规则写法

    需要注意的是Firewalld中的区域与接口 一个网卡仅能绑定一个区域.比如: eth0-->A区域 但一个区域可以绑定多个网卡.比如: B区域-->eth0.eth1.eth2 可以根据 ...

  5. ajax的一些知识

    一.关于XMLHttpRequest的实例的属性和方法 实例的属性: 1.xhr.response 响应主体内容 2.xhr.responseText 响应主体内容字符串(JSON或者XML格式字符串 ...

  6. CnetOS6.7编译安装MariaDB

    --安装所需软件包 [root@localhost mariadb-10.1.14]# yum install bison bison-devel ncurses libxml2 libxml2-de ...

  7. 2019.6.11_MySQL进阶三:临时表

    临时表 临时表主要应用于保存一些临时数据.临时表只在当前连接可见.当关闭连接时,MySQL会自动删除表并且释放空间.临时表在MySQL 3.23版本中添加,低于 3.23版本就无法使用MySQL的临时 ...

  8. IP、MAC和端口号(六)

    在茫茫的互联网海洋中,要找到一台计算机非常不容易,有三个要素必须具备,它们分别是 IP 地址.MAC 地址和端口号. 一.IP地址 IP地址是 Internet Protocol Address 的缩 ...

  9. hive数据库从文件插入数据得到结果NULL?

    今天第一次接触hive这个东东,跟着教程走,当把本地文件的数据装载到新建的hive的表中时,得到的结果是NULL,如图: 也不知道为什么,初次接触,对它的这个构造还不是很熟悉,看一下建表语句: 解决: ...

  10. 个人网站 & 博客

    www.ykmimi.com (测试使用) http://www.implements.fun/  (测试使用) http://www.java-developer.cn/  (测试使用,预备论坛) ...