This article describes how to set up Ocelot Api Gateway with Azure Active Directory.

Problem description

I followed this tutorial and managed to use api with Azure Active Directory authentication & authorization.

However, I would like to consume the api from behind the Ocelot Api Gateway. I could use ocelot with custom basic authorization but could not manage to use it with Azure Active Directory.

I have added Ocelot api gateway url to my api redirect url list already.

How should I set ReRoutes values in config.json and Ocelot Api Gateway project StartUp.cs?

Any help would be greatly appreciated.

Recommended answer

Eventually I could. First of all, thanks to ocelot library because it supports Azure Active Directory authorization.

I assume that you have already completed this tutorial.

1-Create an ocelot api gateway project as usual.

2-Add Microsoft.Identity.Web class library to ocelot project as reference

3-Add ocelot.json and it should be like below

{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/api/{catchAll}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 44351
        }
      ],
      "UpstreamPathTemplate": "/to-do-service/api/{catchAll}",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "AzureADJwtBearer",
        "AllowedScopes": []
      }
    }
  ],
  "GlobalConfiguration": {
    "BaseUrl": "http://localhost:7070",
    "RequestIdKey": "OcRequestId",
    "AdministrationPath": "/administration"
  }
}

4-Edit CreateWebHostBuilder method in Program.cs so that ocelot.json is used as additional config source.

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((hostingContext, config) =>
        {
            config.AddJsonFile("ocelot.json", false, false);
        })
        .UseStartup<Startup>();

5-Edit ConfigureServices and Configure methods in Startup.cs like below

public void ConfigureServices(IServiceCollection services)
{
    // This extension comes from the Microsoft.Identity.Web class library.
    // It registers the authentication scheme that ocelot.json names in AuthenticationProviderKey.
    services.AddProtectWebApiWithMicrosoftIdentityPlatformV2(Configuration);

    services.AddOcelot(Configuration);
    //services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    // Configure must not be async void: block until Ocelot has finished adding its middleware.
    app.UseOcelot().Wait();
}

6-Last but not least you should add your AzureAd configuration to ocelot api gateway project. (It should be same as ToDoListService for reference tutorial) Here you can see an example appsettings.json.

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "client-id-guid-from-azure-ad",

    /*
      You need specify the TenantId only if you want to accept access tokens from a single tenant (line of business app)
      Otherwise you can leave them set to common
    */
    "Domain": "blablabla.onmicrosoft.com", // for instance contoso.onmicrosoft.com. Not used in the ASP.NET core template
    "TenantId": "tenant-id-guid-from-azure-ad" // A guid (Tenant ID = Directory ID) or 'common' or 'organizations' or 'consumers'
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"

}

I hope this answer saves someone's time and makes their life happier :)

Happy coding!
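
An added example, not part of the original answer: a small Python check for an ocelot.json like the one in step 3. It flags routes that Ocelot would forward without authentication, routes whose AuthenticationProviderKey differs from the expected scheme name, and routes with an empty AllowedScopes (no scope is required). The function name audit_ocelot_routes, the finding labels and the second sample route are constructed for illustration.

```python
import json

# Constructed sample: the route from step 3 plus a hypothetical second route
# that has no AuthenticationOptions at all.
SAMPLE_OCELOT_JSON = """
{
  "ReRoutes": [
    {
      "DownstreamPathTemplate": "/api/{catchAll}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [{"Host": "localhost", "Port": 44351}],
      "UpstreamPathTemplate": "/to-do-service/api/{catchAll}",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "AzureADJwtBearer",
        "AllowedScopes": []
      }
    },
    {
      "DownstreamPathTemplate": "/health",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [{"Host": "localhost", "Port": 44351}],
      "UpstreamPathTemplate": "/to-do-service/health"
    }
  ]
}
"""

def audit_ocelot_routes(config_text, expected_scheme="AzureADJwtBearer"):
    """Return (upstream_path, finding) tuples for routes that need review."""
    findings = []
    for route in json.loads(config_text).get("ReRoutes", []):
        path = route.get("UpstreamPathTemplate", "<no upstream path>")
        auth = route.get("AuthenticationOptions") or {}
        key = auth.get("AuthenticationProviderKey")
        if not key:
            # Ocelot only authenticates routes that name a provider key.
            findings.append((path, "no-authentication"))
            continue
        if key != expected_scheme:
            # The key must equal an authentication scheme registered in Startup.
            findings.append((path, "unexpected-provider-key"))
        if not auth.get("AllowedScopes"):
            # Empty list: any valid token passes, no scope is required.
            findings.append((path, "no-scope-check"))
    return findings

if __name__ == "__main__":
    for path, finding in audit_ocelot_routes(SAMPLE_OCELOT_JSON):
        print(f"{finding}: {path}")
```

Run against the configuration from step 3, the check reports the to-do route as having no scope check, which means scope enforcement is left entirely to the downstream API.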


08-12 22:57