ASP.NET Core 3.1 Ocelot认证的实现
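public void ConfigureServices(IServiceCollection services)
{
    // The JWT validation settings (signing secret, issuer, audience) come from the
    // "Audience" section of appsettings.json.
    var audienceConfig = Configuration.GetSection("Audience");

    // Fail fast with a readable message when the secret is missing, instead of an
    // exception deep inside the bearer handler.
    var secret = audienceConfig["Secret"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Audience:Secret is not configured.");
    }

    // The key bytes must be derived exactly as the token issuer (AuthServer, not
    // shown here) derives them, so keep the encoding identical on both sides.
    // ASCII replaces every non-ASCII character with '?', so a non-ASCII secret is
    // silently weakened; for HS256 the key should be at least 256 bits of random
    // data (RFC 7518), and it belongs in user-secrets or an environment variable
    // rather than in a checked-in appsettings.json.
    var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret));

    // Everything the bearer handler checks on an incoming token.
    var tokenValidationParameters = new TokenValidationParameters
    {
        // The signature must be verified, with this key.
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        // The "iss" claim must equal the configured issuer.
        ValidateIssuer = true,
        ValidIssuer = audienceConfig["Iss"],
        // The "aud" claim must equal the configured audience.
        ValidateAudience = true,
        ValidAudience = audienceConfig["Aud"],
        // Compare the token's NotBefore/Expires claims against the current time ...
        ValidateLifetime = true,
        // ... with no tolerance for clock drift between issuer and this server
        // (the library default is five minutes).
        ClockSkew = TimeSpan.Zero,
        // Tokens without an "exp" claim are rejected.
        RequireExpirationTime = true,
    };

    // Register JWT bearer authentication under the scheme name "TestKey"; this is
    // presumably the key the Ocelot route configuration refers to -- confirm against
    // ocelot.json.
    services.AddAuthentication(o =>
    {
        o.DefaultAuthenticateScheme = "TestKey";
    })
    .AddJwtBearer("TestKey", x =>
    {
        // Only governs the metadata/authority address. It is disabled because the
        // sample runs on plain http://localhost; leave it at its default (true)
        // outside local development.
        x.RequireHttpsMetadata = false;
        // IssuerSigningKey, ValidIssuer and ValidAudience are all required here.
        x.TokenValidationParameters = tokenValidationParameters;
    });

    // NOTE(review): AddMvc()/UseMvc() is the ASP.NET Core 2.x pipeline; on 3.1 it
    // needs EnableEndpointRouting = false, or a switch to UseRouting /
    // UseAuthorization / UseEndpoints -- confirm against the project's target framework.
    services.AddMvc();
}

public void Configure(IApplicationBuilder app)
{
    // Authentication has to run before MVC so [Authorize] sees the validated principal.
    app.UseAuthentication();
    app.UseMvc();
}

在CustomersController下添加一个需要认证的方法和一个不需要认证的方法:

[Route("api/[controller]")]
public class CustomersController : Controller
{
    /// <summary>
    /// Protected action: a request without a valid bearer token is refused with 401
    /// before this method runs.
    /// </summary>
    [Authorize]
    [HttpGet]
    public IEnumerable<string> Get() => new[] { "Catcher Wong", "James Li" };

    /// <summary>
    /// Anonymous action, kept here to contrast with the protected one.
    /// </summary>
    [HttpGet("{id}")]
    public string Get(int id) => $"Catcher Wong - {id}";
}

3.4 ClientApp项目 该项目是用来模拟客户端访问资源服务器整个认证流程的测试项目,在Program主程序中可以看到如下代码:

class Program
{
    // A single client for the whole run: creating an HttpClient per call leaks
    // sockets, and one instance is enough to talk to the gateway.
    private static readonly HttpClient Client = new HttpClient
    {
        BaseAddress = new Uri("http://localhost:9000"),
    };

    // Async entry point so the HTTP calls are awaited instead of blocked on with .Result.
    static async System.Threading.Tasks.Task Main(string[] args)
    {
        // 1. Without an access_token the gateway refuses the protected route with 401.
        Client.DefaultRequestHeaders.Clear();
        var resWithoutToken = await Client.GetAsync("/customers");
        Console.WriteLine("Sending Request to /customers , without token.");
        Console.WriteLine($"Result : {resWithoutToken.StatusCode}");

        // 2. With an access_token the protected route answers normally.
        Client.DefaultRequestHeaders.Clear();
        Console.WriteLine("\nBegin Auth....");
        var jwt = await GetJwtAsync();
        Console.WriteLine("End Auth....");
        Console.WriteLine($"\nToken={jwt}");
        Client.DefaultRequestHeaders.Add("Authorization", $"Bearer {jwt}");
        var resWithToken = await Client.GetAsync("/customers");
        Console.WriteLine("\nSend Request to /customers , with token.");
        Console.WriteLine($"Result : {resWithToken.StatusCode}");
        Console.WriteLine(await resWithToken.Content.ReadAsStringAsync());

        // 3. The unprotected route works without any token.
        Console.WriteLine("\nNo Auth Service Here ");
        Client.DefaultRequestHeaders.Clear();
        var res = await Client.GetAsync("/customers/1");
        Console.WriteLine("Send Request to /customers/1");
        Console.WriteLine($"Result : {res.StatusCode}");
        Console.WriteLine(await res.Content.ReadAsStringAsync());

        Console.Read();
    }

    /// <summary>
    /// Logs in against the AuthServer through the gateway and returns the issued access token.
    /// </summary>
    /// <returns>The "access_token" field of the login response.</returns>
    /// <exception cref="HttpRequestException">The login request did not return a success status.</exception>
    private static async System.Threading.Tasks.Task<string> GetJwtAsync()
    {
        // NOTE(review): the credentials travel in the query string, which web servers,
        // proxies and shell history routinely log; the AuthServer endpoint (not shown
        // here) should accept them in a POST body instead.
        var response = await Client.GetAsync("/api/auth?name=catcher&pwd=123");

        // Fail loudly on a login error rather than binding access_token on an error
        // body and surfacing a less informative RuntimeBinderException.
        response.EnsureSuccessStatusCode();

        dynamic jwt = JsonConvert.DeserializeObject(await response.Content.ReadAsStringAsync());
        return jwt.access_token;
    }
}

运行项目看看测试结果: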
结合代码,我们能看到当客户端通过Ocelot网关访问下游服务 :9000/api/Customers/Get 方法时,由于该方法需要通过认证才返回处理结果,所以会进行JWT Token认证;如果发现没有Token,Ocelot则返回HTTP状态码401拒绝访问。如果我们通过GetJwt方法在AuthServer服务上登录认证获取到授权Token,然后再访问该资源服务器接口,立即就会返回处理结果。与未加认证属性的 :9000/api/Customers/Get/{id} 方法对比,我们就知道,Ocelot认证已经成功了! 4.总结 (编辑:湖南网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |