我的第一个微服务系列(六):将User.Api添加到网关实现认证授权

  在前面五篇博文后,我们已经实现了通过User.Identity来调用User.Api实现认证获取到token,所以我们应该将User.Api除了认证接口外的接口都添加到Api.Gateway网关中,同时也将User.Identity添加到网关中,实现外网访问统一入口。

  Ocelot很好的支持了IdentityServer4,所以在Api.Gateway中需要添加IdentityServer4和IdentityServer4.AccessTokenValidation两个Nuget包

Install-Package IdentityServer4
Install-Package IdentityServer4.AccessTokenValidation

  在Ocelot.json中添加User.Api和User.Identity的路由配置

{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/api/user",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 63679
        }
      ],
      "UpstreamPathTemplate": "/user",
      "UpstreamHttpMethod": [ "Get", "Patch" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Finbook",
        "AllowedScopes": [ "user_api" ]
      }
    },
    {
      "DownstreamPathTemplate": "/api/user/baseinfo/{userId}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 63679
        }
      ],
      "UpstreamPathTemplate": "/user/baseinfo/{userId}",
      "UpstreamHttpMethod": [ "Get" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Finbook",
        "AllowedScopes": [ "user_api" ]
      }
    },
    {
      "DownstreamPathTemplate": "/api/user/tags",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 63679
        }
      ],
      "UpstreamPathTemplate": "/user/tags",
      "UpstreamHttpMethod": [ "Get", "Put" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Finbook",
        "AllowedScopes": [ "user_api" ]
      }
    },
    {
      "DownstreamPathTemplate": "/api/user/search",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 63679
        }
      ],
      "UpstreamPathTemplate": "/user/search",
      "UpstreamHttpMethod": [ "Post" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Finbook",
        "AllowedScopes": [ "user_api" ]
      }
    },
    {
      "DownstreamPathTemplate": "/connect/{catchAll}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 56424
        }
      ],
      "UpstreamPathTemplate": "/connect/{catchAll}",
      "UpstreamHttpMethod": [ "Post" ]
    },
    {
      "DownstreamPathTemplate": "/.well-known/{catchAll}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 56424
        }
      ],
      "UpstreamPathTemplate": "/.well-known/{catchAll}",
      "UpstreamHttpMethod": [ "Get" ]
    }
  ],
    "GlobalConfiguration": {
        "BaseUrl": "http://localhost"
    }
}

  可以看到User.Api的路由都添加了 AuthenticationOptions 选项来授权,添加完配置后需要在Startup中注入IdentityServer

var authenticationProviderKey = "Finbook";

services.AddAuthentication()
    .AddIdentityServerAuthentication(authenticationProviderKey, options=> {
        options.Authority = "http://localhost:56424"; //User.Identity服务器的Url
        options.ApiName = "gateway_api";
        options.SupportedTokens = SupportedTokens.Both;
        options.ApiSecret = "secret";
        options.RequireHttpsMetadata = false;
    });

  启动项目,通过postman可以测试拿到token

我的第一个微服务系列(六):将User.Api添加到网关实现认证授权

 

   如果未携带token访问想要获取用户信息将返回401

我的第一个微服务系列(六):将User.Api添加到网关实现认证授权

 

   将User.Api添加到网关后,如果我们需要获取当前用户信息该怎么办呢,这时候已经不像以前单体架构可以使用session来保存当前用户信息了,我们需要使用Asp.Net Core Identity 。

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = false;
        options.Audience = "user_api";
        options.Authority = "http://localhost"; // Api.Gateway网关Url
    });
app.UseAuthentication();

  可以在BaseController中获取到当前用户信息

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using User.API.Dtos;

namespace User.API.Controllers
{
    public class BaseController : Controller
    {
        protected UserIdentity UserIdentity
        {
            get
            {
                return new UserIdentity {
                    UserId = Convert.ToInt32(User.Claims.FirstOrDefault(c => c.Type == "sub").Value),
                    Name = User.Claims.FirstOrDefault(c => c.Type == "name").Value,
                    Company = User.Claims.FirstOrDefault(c=>c.Type == "company").Value,
                    Title = User.Claims.FirstOrDefault(c=>c.Type == "title").Value,
                    Avatar = User.Claims.FirstOrDefault(c=>c.Type == "avatar").Value
                };
            }
        }
    }
}

 

我的第一个微服务系列(六):将User.Api添加到网关实现认证授权

上一篇:C语言 编程练习22题


下一篇:C#将运算字符串转换成表达式计算结果