This article covers how to set up the Ocelot Api Gateway with Azure Active Directory.

Problem description

I followed this tutorial and managed to use the api with Azure Active Directory authentication & authorization.

However, I would like to consume the api from behind the Ocelot Api Gateway. I could use ocelot with custom basic authorization but could not manage to use it with Azure Active Directory.

I have added the Ocelot api gateway url to my api redirect url list already.

How should I set the ReRoutes values in config.json and in the Ocelot Api Gateway project's StartUp.cs?

Any help would be appreciated.

Recommended answer

Eventually I could. First of all, thanks to the ocelot library, because it supports Azure Active Directory authorization.

I assume that you have already completed this tutorial.

1-Create an ocelot api gateway project as usual.

2-Add the Microsoft.Identity.Web class library to the ocelot project as a reference.

3-Add ocelot.json; it should look like the one below.

    {
      "ReRoutes": [
        {
          "DownstreamPathTemplate": "/api/{catchAll}",
          "DownstreamScheme": "http",
          "DownstreamHostAndPorts": [
            {
              "Host": "localhost",
              "Port": 44351
            }
          ],
          "UpstreamPathTemplate": "/to-do-service/api/{catchAll}",
          "AuthenticationOptions": {
            "AuthenticationProviderKey": "AzureADJwtBearer",
            "AllowedScopes": []
          }
        }
      ],
      "GlobalConfiguration": {
        "BaseUrl": "http://localhost:7070",
        "RequestIdKey": "OcRequestId",
        "AdministrationPath": "/administration"
      }
    }

4-Edit the CreateWebHostBuilder method in Program.cs so that ocelot.json is used as an additional config source.

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((hostingContext, config) =>
            {
                // optional: false (the file must exist), reloadOnChange: false
                config.AddJsonFile("ocelot.json", false, false);
            })
            .UseStartup<Startup>();

5-Edit the ConfigureServices and Configure methods in Startup.cs like below.

    // AddOcelot comes from Ocelot.DependencyInjection, UseOcelot from Ocelot.Middleware
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddProtectWebApiWithMicrosoftIdentityPlatformV2(Configuration); // this extension comes from the Microsoft.Identity.Web class library

        services.AddOcelot(Configuration);
        //services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // Block until Ocelot has registered its middleware; with "async void" and "await",
        // Configure could return to the host before the pipeline was complete.
        app.UseOcelot().Wait();
    }

6-Last but not least, you should add your AzureAd configuration to the ocelot api gateway project. (It should be the same as ToDoListService for the reference tutorial.) Here you can see an example appsettings.json.

    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "ClientId": "client-id-guid-from-azure-ad",

        /*
          You need to specify the TenantId only if you want to accept access tokens from a single tenant (line of business app)
          Otherwise you can leave them set to common
        */
        "Domain": "blablabla.onmicrosoft.com", // for instance contoso.onmicrosoft.com. Not used in the ASP.NET core template
        "TenantId": "tenant-id-guid-from-azure-ad" // A guid (Tenant ID = Directory ID) or 'common' or 'organizations' or 'consumers'
      },
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      },
      "AllowedHosts": "*"
    }

I hope this answer saves someone's time and makes their life happier :)

Happy coding!
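The following audit script is an added example, not part of the original answer or of Ocelot. It checks an ocelot.json shaped like the one in step 3 for routes the gateway would pass through without Azure AD authentication, without a required scope, or over plain http. The `/health` route in the sample and the function name `audit_reroutes` are constructed for illustration.

```python
import json

# Constructed sample: the answer's route plus a hypothetical second route
# that was added later without AuthenticationOptions.
SAMPLE_OCELOT_JSON = """
{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/api/{catchAll}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [{"Host": "localhost", "Port": 44351}],
      "UpstreamPathTemplate": "/to-do-service/api/{catchAll}",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "AzureADJwtBearer",
        "AllowedScopes": []
      }
    },
    {
      "DownstreamPathTemplate": "/health",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [{"Host": "localhost", "Port": 44351}],
      "UpstreamPathTemplate": "/to-do-service/health"
    }
  ]
}
"""

def audit_reroutes(config_text, expected_key="AzureADJwtBearer"):
    """Return (upstream_path, finding) tuples for routes worth reviewing."""
    findings = []
    for route in json.loads(config_text).get("ReRoutes", []):
        path = route.get("UpstreamPathTemplate", "<no upstream template>")
        auth = route.get("AuthenticationOptions") or {}
        key = auth.get("AuthenticationProviderKey")
        if not key:
            findings.append((path, "no AuthenticationProviderKey: gateway does not authenticate this route"))
        elif key != expected_key:
            findings.append((path, f"provider key {key!r} does not match {expected_key!r}"))
        elif not auth.get("AllowedScopes"):
            findings.append((path, "AllowedScopes is empty: token is validated but no scope is required"))
        if route.get("DownstreamScheme", "").lower() == "http":
            findings.append((path, "DownstreamScheme is http: gateway-to-service hop is not encrypted"))
    return findings

if __name__ == "__main__":
    for path, finding in audit_reroutes(SAMPLE_OCELOT_JSON):
        print(f"{path}: {finding}")
```

Run it against the real ocelot.json in CI so that a route added without `AuthenticationOptions` is caught before deployment.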
