
Questions about Ocelot’s Claims Transformation

If you don’t understand the original article about Claims Transformation, you can refer to the translation of this article: https://www.cnblogs.com/irocker/p/Ocelot-claimstransformation.html

Here I mainly record a pitfall I encountered.

The structure of my project is as shown in the picture above. The front end calls the gateway, and the gateway calls the login interface of the admin service to obtain the token, and then calls the demo service. How does the demo obtain the user ID after login?

According to the Claims Transformation chapter of the official documentation, there are three ways:

1. AddClaimsToRequest
2. AddHeadersToRequest
3. AddQueriesToRequest

Methods 2 and 3 are relatively simple: they only need to be configured in the Ocelot configuration. The first method is a bit tricky and needs to be handled in code. At first I thought it would just be configured in ocelot.json.

Let’s talk about the first method.

Step 1: The official documentation says you need to add the configuration highlighted in the figure below to ocelot.json. In fact, it is not needed, because the code in step 2 parses the token to obtain the sid and assigns it to a claim. Does anyone know whether you can get the sid from the claim in the demo service by configuring ocelot.json alone? Please enlighten me.

The picture below shows the Claim part when creating a token:

Step 2: Add the following code to the main method in the demo service:

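    // Namespaces needed at the top of the file:
    using System.IdentityModel.Tokens.Jwt;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    // Register JWT bearer authentication so the token forwarded by the gateway
    // is parsed and its claims become available on HttpContext.User.
    builder.Services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = CreateTokenValidationParameters();
    });

    // We ignore token validation because the gateway validates it.
    // The signature is NOT checked here, so this service accepts any well-formed,
    // unexpired token: it must only be reachable through the gateway.
    private static TokenValidationParameters CreateTokenValidationParameters()
    {
        // Reference article: https://github.com/ThreeMammals/Ocelot/issues/396#issuecomment-579719589
        var result = new TokenValidationParameters
        {
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateIssuerSigningKey = false,
            // Return the parsed token as-is instead of verifying its signature.
            SignatureValidator = delegate (string token, TokenValidationParameters parameters)
            {
                var jwt = new JwtSecurityToken(token);
                return jwt;
            },
            // Expiry is still enforced, with no clock-skew tolerance.
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero,
            RequireSignedTokens = false
        };
        return result;
    }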

Step 3: Now you can get the user ID through claim in the demo service
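
As a hardened counterpart to the step 2 code, the demo service can verify the token signature itself and then read the user ID from the claim, so it no longer depends only on being unreachable from outside the gateway. This is an added example, not code from the original post or from Ocelot; it assumes the admin service signs tokens with a shared symmetric (HS256) key, that the token carries the user ID in a claim literally named `sid`, and the configuration keys `Jwt:SigningKey`, `Jwt:Issuer`, `Jwt:Audience` and the `/whoami` route are hypothetical names.

```csharp
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the admin service signs tokens with a symmetric key that the demo
// service also holds. "Jwt:SigningKey" is a hypothetical configuration key.
var keyText = builder.Configuration["Jwt:SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured");
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyText));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(x =>
    {
        // Keep claim names exactly as they appear in the token ("sid").
        x.MapInboundClaims = false;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            // Unlike the step 2 code, the signature is verified in this service.
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Hypothetical configuration keys; a missing value fails validation.
            ValidateIssuer = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = builder.Configuration["Jwt:Audience"],
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: returns the user ID taken from the validated token.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
{
    var sid = user.FindFirst("sid")?.Value;
    return sid is null ? Results.Forbid() : Results.Ok(new { userId = sid });
}).RequireAuthorization();

app.Run();
```
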

The first method ends here. Let’s talk about the second method:

Step one: Add the following configuration to ocelot.json:

Then we can see the value of sid in the action of the controller in the demo service. The code for the second and third steps in the first method is not required.

Isn’t the second method much simpler? It is recommended to use this method, but it is not recommended to expose this service on the public Internet. I won’t go into the third method here.

 

This article comes from Blog Park, author: Chai Meng, please indicate the original link when reprinting: https://www.cnblogs.com/koeltp/p/17254764.html

This article is from the internet and does not represent the position of 1024programmer. Please indicate the source when reprinting: https://www.1024programmer.com/questions-about-ocelots-claims-transformation-2/

author: admin
