修改接口项目

  在上次的项目基础上,分别修改两个api项目的startup.cs

  

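 /// <summary>
 /// Registers JWT bearer authentication under the scheme name "TestKey" and adds MVC.
 /// Token validation settings come from the "Audience" configuration section.
 /// </summary>
 /// <param name="services">Service collection supplied by the runtime.</param>
 /// <exception cref="InvalidOperationException">The "Audience:Secret" value is missing or empty.</exception>
 public void ConfigureServices(IServiceCollection services)
 {
     var audienceConfig = Configuration.GetSection("Audience");

     // Fail with a clear message instead of an opaque argument exception from the key constructor.
     var secret = audienceConfig["Secret"];
     if (string.IsNullOrEmpty(secret))
     {
         throw new InvalidOperationException("Audience:Secret is not configured.");
     }

     // The HMAC key is the ASCII bytes of the configured string (the value is not Base64-decoded),
     // so it must be byte-identical to the key the token issuer signs with.
     // NOTE(review): with a shared symmetric key, every service able to validate tokens is also
     // able to mint them; keep the value out of source control and consider an asymmetric key
     // so the APIs hold only the public half.
     var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));

     var tokenValidationParameters = new TokenValidationParameters
     {
         ValidateIssuerSigningKey = true,
         IssuerSigningKey = signingKey,
         ValidateIssuer = true,
         ValidIssuer = audienceConfig["Iss"],
         ValidateAudience = true,
         ValidAudience = audienceConfig["Aud"],
         ValidateLifetime = true,
         // No tolerance for clock drift between the issuer and this host.
         ClockSkew = TimeSpan.Zero,
         RequireExpirationTime = true,
     };

     services.AddAuthentication(o =>
         {
             o.DefaultAuthenticateScheme = "TestKey";
             // Without a challenge scheme, an [Authorize] action reached without a token has no
             // handler to issue the 401 challenge and the request fails with a server error
             // instead (the article reports a 500 for token-less requests, consistent with this).
             o.DefaultChallengeScheme = "TestKey";
         })
         .AddJwtBearer("TestKey", x =>
         {
             // Only governs metadata/authority retrieval; no Authority is configured here, so
             // this flag does nothing to protect bearer tokens in transit to this service.
             x.RequireHttpsMetadata = false;
             x.TokenValidationParameters = tokenValidationParameters;
         });

     //services.AddConsulConfig(Configuration);
     services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
 }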

  修改配置文件(示例中的 Secret 是直接写在配置文件里的演示值;实际部署时应使用随机生成的高强度密钥,并通过环境变量或密钥管理服务注入,不要提交到代码库)

  

{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*",
//"Consul": {
// "Host": "http://192.168.2.29:8500"
//}, "Service": {
"Name": "ApiService",
"IP": "192.168.2.16",
"Port": ""
},
"Consul": {
"IP": "192.168.2.29",
"Port": ""
},
"Audience": {
"Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",
"Iss": "http://www.c-sharpcorner.com/members/catcher-wong",
"Aud": "Catcher Wong"
}
}

  在接口的action中加入[Authorize]属性

  

/// <summary>
/// Returns a message carrying the incremented call counter; reachable only by
/// authenticated callers because of <c>[Authorize]</c>.
/// </summary>
/// <returns>The text "Count N from ApiServices1", where N is the counter after incrementing.</returns>
[Authorize]
[HttpGet]
public string Count()
{
    // NOTE(review): the pre-increment is not atomic; if _count is shared between concurrent
    // requests, increments can be lost. Confirm how _count is declared.
    var current = ++_count;
    return $"Count {current} from ApiServices1";
}

加入Identity

  新建一个 webapi 项目(authapi)。由于 authapi 项目也要注册到 consul 中,所以需要新建 health 控制器;另外再新建一个授权控制器,并修改 startup.cs

  

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace Test.WebApi.AuthServer.Controllers
{
    /// <summary>
    /// Health endpoint at <c>api/Health</c>. Per the surrounding article it exists so that the
    /// auth service can be registered in Consul. It carries no <c>[Authorize]</c> attribute and
    /// returns only a fixed string, so it exposes no internal state.
    /// </summary>
    [Produces("application/json")]
    [Route("api/[controller]")]
    [ApiController]
    public class HealthController : ControllerBase
    {
        /// <summary>Responds 200 OK with the constant body "ok".</summary>
        [HttpGet]
        public IActionResult Get()
        {
            return Ok("ok");
        }
    }
}
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
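using Microsoft.IdentityModel.Tokens;

namespace Test.WebApi.AuthServer.Controllers
{
    /// <summary>
    /// Demo token endpoint at <c>authapi/Auth</c>: checks a hard-coded credential pair and, on
    /// success, returns an HS256-signed JWT built from the bound <see cref="Audience"/> settings.
    /// </summary>
    [Route("authapi/[controller]")]
    [ApiController]
    public class AuthController : ControllerBase
    {
        // Token lifetime in minutes. The number is missing from the page's listing
        // (TimeSpan.FromMinutes() has no argument there); 2 is a constructed placeholder.
        private const int TokenLifetimeMinutes = 2;

        private readonly IOptions<Audience> _settings;

        /// <param name="settings">Issuer, audience and signing secret bound from configuration.</param>
        public AuthController(IOptions<Audience> settings)
        {
            _settings = settings;
        }

        /// <summary>Issues a JWT for the demo user.</summary>
        /// <param name="name">User name taken from the query string.</param>
        /// <param name="pwd">Password taken from the query string.</param>
        /// <returns>
        /// A JSON object with <c>access_token</c> and <c>expires_in</c> (seconds) on success;
        /// 401 Unauthorized when the credentials do not match.
        /// </returns>
        [HttpGet]
        public ActionResult Get(string name, string pwd)
        {
            // just hard code here (demo only). The password literal matches the request the
            // article's test client sends (pwd=123); the empty literal in the listing looks
            // like an extraction loss.
            // NOTE(review): credentials arrive in the query string of a GET, so they end up in
            // server and proxy access logs. A real endpoint should accept them in a POST body
            // over TLS and verify them against stored password hashes.
            if (name != "catcher" || pwd != "123")
            {
                // Signal the failure with a status code rather than a 200 carrying an empty string.
                return Unauthorized();
            }

            var now = DateTime.UtcNow;
            var lifetime = TimeSpan.FromMinutes(TokenLifetimeMinutes);

            var claims = new Claim[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, name),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                // "iat" is a numeric date: seconds since the Unix epoch, not a formatted date string.
                new Claim(
                    JwtRegisteredClaimNames.Iat,
                    new DateTimeOffset(now).ToUnixTimeSeconds().ToString(),
                    ClaimValueTypes.Integer64)
            };

            // ASCII bytes of the configured string; this has to stay byte-identical to the key
            // the API projects build when they validate the token.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.Value.Secret));

            var jwt = new JwtSecurityToken(
                issuer: _settings.Value.Iss,
                audience: _settings.Value.Aud,
                claims: claims,
                notBefore: now,
                expires: now.Add(lifetime),
                signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));

            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

            var responseJson = new
            {
                access_token = encodedJwt,
                expires_in = (int)lifetime.TotalSeconds
            };

            return new JsonResult(responseJson);
        }
    }

    /// <summary>Settings bound from the "Audience" configuration section.</summary>
    public class Audience
    {
        // Shared HMAC signing secret; treat as a credential.
        public string Secret { get; set; }

        // Value written to and expected in the token's issuer.
        public string Iss { get; set; }

        // Value written to and expected in the token's audience.
        public string Aud { get; set; }
    }
}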

修改 startup.cs

  // This method gets called by the runtime. Use this method to add services to the container.
  // Adds MVC and binds the "Audience" configuration section to Controllers.Audience so the
  // token controller can read the issuer, audience and signing secret through IOptions.
  public void ConfigureServices(IServiceCollection services)
  {
      services
          .AddMvc()
          .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

      services.AddOptions();

      var audienceSection = Configuration.GetSection("Audience");
      services.Configure<Controllers.Audience>(audienceSection);
  }

  // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
  // Registers this service with Consul, then enables HTTPS redirection and MVC.
  public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime)
  {
      if (!env.IsDevelopment())
      {
          // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
          app.UseHsts();
      }
      else
      {
          app.UseDeveloperExceptionPage();
      }

      // Convert.ToInt32 throws FormatException on a non-numeric string such as "", so both
      // Port settings must hold a number before the application can start.
      var consulService = new ConsulService
      {
          IP = Configuration["Consul:IP"],
          Port = Convert.ToInt32(Configuration["Consul:Port"])
      };

      var healthService = new HealthService
      {
          IP = Configuration["Service:IP"],
          Port = Convert.ToInt32(Configuration["Service:Port"]),
          Name = Configuration["Service:Name"],
      };

      app.RegisterConsul(lifetime, healthService, consulService);

      // NOTE(review): this service receives credentials and hands out tokens, while the gateway
      // route shown in the article reaches it with DownstreamScheme "http"; confirm how that
      // hop is protected in a real deployment.
      app.UseHttpsRedirection();
      app.UseMvc();
  }

配置文件(其中 Audience 节点必须与接口项目中的配置完全一致,否则这里签发的 token 无法在接口项目中通过验证)

{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*", "Service": {
"Name": "AuthService",
"IP": "192.168.2.16",
"Port": ""
},
"Consul": {
"IP": "192.168.2.29",
"Port": ""
},
"Audience": {
"Secret": "Y2F0Y2hlciUyMHdvbmclMjBsb3ZlJTIwLm5ldA==",
"Iss": "http://www.c-sharpcorner.com/members/catcher-wong",
"Aud": "Catcher Wong"
}
}

发布后,部署到IIS中,端口9003

参考链接:

https://www.cnblogs.com/xlxr45/p/11321134.html

修改网关项目

配置文件configuration.json

{
"ReRoutes": [
{
"UseServiceDiscovery": true,
"DownstreamPathTemplate": "/api/{url}",
"DownstreamScheme": "http",
"ServiceName": "ApiService",
"LoadBalancerOptions": {
"Type": "RoundRobin"
},
"UpstreamPathTemplate": "/api/{url}",
"UpstreamHttpMethod": [ "Get" ],
"ReRoutesCaseSensitive": false
},
{
"UseServiceDiscovery": true,
"DownstreamPathTemplate": "/authapi/{url}",
"DownstreamScheme": "http",
"ServiceName": "AuthService",
"LoadBalancerOptions": {
"Type": "RoundRobin"
},
"UpstreamPathTemplate": "/authapi/{url}",
"UpstreamHttpMethod": [ "Get" ],
"ReRoutesCaseSensitive": false
}
],
"GlobalConfiguration": {
"ServiceDiscoveryProvider": {
"Host": "192.168.2.29",
"Port": ,
"Type": "PollConsul",
"PollingInterval":
}
}
}

运行效果

新建一个cmd项目,测试下

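/// <summary>
/// Console smoke test for the gateway: calls the protected counter route without a token,
/// fetches a token from the auth route, then calls the counter again with and without it.
/// </summary>
class Program
{
    // Gateway base address used by every request in this test.
    private const string GatewayUrl = "http://localhost:9000";

    static void Main(string[] args)
    {
        // Dispose the client when the run is over instead of leaving the handler open.
        using (var client = new HttpClient { BaseAddress = new Uri(GatewayUrl) })
        {
            // 1. without access_token will not access the service
            //    and return 401 .
            var resWithoutToken = client.GetAsync("/api/Counter/Count").Result;
            Console.WriteLine("Sending Request to /api/Counter/Count , without token.");
            Console.WriteLine($"Result : {resWithoutToken.StatusCode}");

            // 2. with access_token will access the service
            //    and return result.
            client.DefaultRequestHeaders.Clear();
            Console.WriteLine("\nBegin Auth....");
            var jwt = GetJwt();
            Console.WriteLine("End Auth....");
            // Demo output only: this writes a live bearer token to the console.
            Console.WriteLine($"\nToken={jwt}");

            client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwt}");
            var resWithToken = client.GetAsync("/api/Counter/Count").Result;
            Console.WriteLine("\nSend Request to /api/Counter/Count , with token.");
            Console.WriteLine($"Result : {resWithToken.StatusCode}");
            Console.WriteLine(resWithToken.Content.ReadAsStringAsync().Result);

            // 3. visit no auth service
            // NOTE(review): this is the same route as step 1, so with [Authorize] on the action
            // the token-less result is expected again rather than a successful call.
            Console.WriteLine("\nNo Auth Service Here ");
            client.DefaultRequestHeaders.Clear();
            var res = client.GetAsync("/api/Counter/Count").Result;
            Console.WriteLine("Send Request to /api/Counter/Count");
            Console.WriteLine($"Result : {res.StatusCode}");
            Console.WriteLine(res.Content.ReadAsStringAsync().Result);

            Console.Read();
        }
    }

    /// <summary>Requests a token from the auth route through the gateway.</summary>
    /// <returns>The <c>access_token</c> value from the JSON response.</returns>
    /// <exception cref="InvalidOperationException">
    /// The request was rejected or the response carried no token.
    /// </exception>
    private static string GetJwt()
    {
        using (var client = new HttpClient { BaseAddress = new Uri(GatewayUrl) })
        {
            // NOTE(review): the demo credentials travel in the URL, where gateways and servers
            // routinely log them; acceptable only for this local test.
            var res2 = client.GetAsync("/authapi/auth?name=catcher&pwd=123").Result;
            var body = res2.Content.ReadAsStringAsync().Result;

            if (!res2.IsSuccessStatusCode)
            {
                throw new InvalidOperationException(
                    $"Token request failed with status {(int)res2.StatusCode}.");
            }

            // Typed shape instead of dynamic: a body without the expected object no longer
            // surfaces as a runtime binder error on member access.
            var payload = JsonConvert.DeserializeAnonymousType(body, new { access_token = "" });
            if (payload == null || string.IsNullOrEmpty(payload.access_token))
            {
                throw new InvalidOperationException("Token response did not contain an access_token.");
            }

            return payload.access_token;
        }
    }
}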

postman测试下。

先获取access_token

将access_token放到header中

如果不加入header中,则会报500错误(未携带 token 时本应返回 401;这里出现 500,很可能是因为接口项目只设置了 DefaultAuthenticateScheme,没有设置 DefaultChallengeScheme)
