Home > Software design >  Using Ocelot with Cookie Authentication
Using Ocelot with Cookie Authentication

Time:09-14

I was wondering if anyone can advise - does Ocelot support Cookie Authentication? I have 3 microservices and I am new to Ocelot and in many articles and documentation, it is written that Ocelot works with tokens only. Can anyone suggest how to create API Gateway which handles cookie authentication?

CodePudding user response:

in microservices the authentication and authorization is handled by identity server (Oauth) and the ocelot is a reverse-proxy (also load balancing etc) to forward requests. if you configure ocelot to proxy any secured api then you can do configuration like

{
  "Routes": [

    {
      "DownstreamPathTemplate": "/WeatherForecast",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 5001
        }
      ],
      "UpstreamPathTemplate": "/weather",
      "UpstreamHttpMethod": [ "GET" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "IdentityApiKey",
        "AllowedScopes": []
      }
    }

  ]

ocelot program.cs

var authenticationProviderKey = "IdentityApiKey";

builder.Services.AddAuthentication()
    .AddJwtBearer(authenticationProviderKey, cfg =>
    {
        cfg.Authority = "https://localhost:9001";

        cfg.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = false
        };
    });

where the localhost:9001 is the identity server service. this the minimum configuration.

Ocelot works with tokens only

NO. if the api you try to reach is secured then yes.

Page link:https//www.codepudding.com/Softwaredesign/544222.html

Prev:How split UI code from razor page to class with blazor server
Next:Methods with Windows Form C#
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding