dcp*_*986 8 c# .net-core identityserver4 ocelot
我使用ocelot作为我的微服务的API网关,并使用IdentityServer4进行身份验证。在ocelot配置文件中,我添加了“ AuthenticationOptions”并设置了api密钥。在启动中,添加身份服务器。在身份服务器中,我使用标头中的值来动态构建连接字符串。当我发送获取令牌的请求时,可以在身份服务中访问标头。但是当我发送带有令牌的下一个请求时,原始标头不可用。在身份服务中只能看到“主机”标头。
在将请求路由到身份服务器时,是否可以保留原始标头?
Startup.cs(添加身份服务器)
services
.AddAuthentication()
.AddIdentityServerAuthentication("APIParts", options =>
{
options.Authority = "http://localhost:60168";
options.RequireHttpsMetadata = false;
options.ApiName = "Parts";
options.SupportedTokens = SupportedTokens.Both;
});
ocelot.json
ReRoutes": [
{
"DownstreamPathTemplate": "/connect/token",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 60168
}
],
"UpstreamPathTemplate": "/token",
"UpstreamHttpMethod": [ "Post" ]
},
{
"DownstreamPathTemplate": "/api/Parts/Inventory",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 65241
}
],
"UpstreamPathTemplate": "/api/Parts/Inventory",
"AuthenticationOptions": {
"AuthenticationProviderKey": "APIParts",
"AllowedScopes": []
}
}]
小智 0
我不熟悉 Ocelot,但在我的架构中,IdentityServer 在负载均衡器后面运行,并通过 Nginx Ingress 在 Kubernetes 集群中路由,这需要我在 IdentityServer 的方法中配置标头转发,Startup.Configure如下所示:
var forwardOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
RequireHeaderSymmetry = false
};
forwardOptions.KnownNetworks.Clear();
forwardOptions.KnownProxies.Clear();
app.UseForwardedHeaders(forwardOptions);
| 归档时间: |
|
| 查看次数: |
231 次 |
| 最近记录: |