首页 > 其他分享 >NetCore Ocelot 之 Authorization

NetCore Ocelot 之 Authorization

时间:2023-10-09 10:55:05浏览次数:42  
标签:NetCore admin ClientClaim client Ocelot tom new Authorization

Ocelot supports claims based authorization which is run post authentication. This means if ou have a route you want to authorize you can add the following to you Route configuration.

 "RouteClaimsRequirement": {
        "client_role": "admin"
      }

Add the Authorization middlware to request pipeline.

app.UseOcelot().Wait();
app.UseAuthentication();
app.UseAuthorization();

if the request access token with the claim type: 'client_role' and value is 'admin', the user will be authorized.

 The access token is bellow

{
  "nbf": 1696813802,
  "exp": 1696817402,
  "iss": "https://localhost:9000",
  "aud": [
    "APIResource1",
    "APIResource2"
  ],
  "client_id": "clientId",
  "client_role": "admin",
  "client_nickname": "tom",
  "client_Emai": "[email protected]",
  "jti": "EB792F9B19537B4ACC28B76FD5588804",
  "iat": 1696813802,
  "scope": [
    "apiscope1",
    "apiscope2"
  ]
}

IdentityServer4 ClientClaim configuration

Claims = new List<ClientClaim>
{
       new ClientClaim(IdentityModel.JwtClaimTypes.Role,"admin"),
       new ClientClaim(IdentityModel.JwtClaimTypes.NickName,"tom"),
       new ClientClaim("Emai","[email protected]")
}

And why the generated claim type with the client_ prefix, it's the default value configured in IdentityServer4.Model.Client, you can change and override the default prefix or set to empty.

 OK, that's all the Authorization process, so easy.

 

标签:NetCore,admin,ClientClaim,client,Ocelot,tom,new,Authorization
From: https://www.cnblogs.com/qindy/p/17750971.html

相关文章

  • NetCore Ocelot 之 Qos
    QosqualityofserviceOcelotsupportsoneQoscapabilityatthecurrenttime.YoucansetonaperRoutebasisifyouwanttouseacircuitbreakerwhenmakingrequeststoadownstreamservice.Thisusesanawesome.NETlibrarycalledPolly.Thefirstthi......
  • NetCore Ocelot 之 Load Balancer
    OcelotcanloadbalanceacrossavailabledownstreamservicesforeachRoute.ThismeansyoucanscaleyourdownstreamservicesandOcelotcanusethemeffectively.TheTypeofloadbalanceravailbleare:  LeastConnection -trackswhichservicearedeal......
  • NetCore Ocelot 之 Authentication
    InordertoauthenticateRoutesandsubsequentlyuseanyofOcelot'sclaimsbasedfeaturessuchasauthorizationormodifyingtherequestwithvaluesfromthetoken.UsersmustregisterauthenticationservicesintheirStartup.csasusualbuttheypr......
  • NetCore Ocelot 之 Rate Limiting
    Ocelotsupportsratelimitingofupstreamrequestssothatyourdownstreamservicesdonotbecomeoverloaded.OKsotogetratelimitingworkingforaRouteyouneedtoaddthefollowingjsontoit."RateLimitOptions":{"ClientWhi......
  • NetCore学习笔记:单元测试和集成测试
    前言#我在使用AspNetCore的这段时间内,看了很多开源项目和博客,发现各种.Net体系的新技术很多人都有关注和使用,但却很少有人关注测试。测试是软件生命周期中的一个非常重要的阶段,对于保证软件的可靠性具有极其重要的意义。在应用程序的开发过程中,为了确保它的功能与预期一致,......
  • 开源.NetCore通用工具库Xmtool使用连载 - 扩展动态对象篇
    【Github源码】《上一篇》介绍了Xmtool工具库中的图形验证码类库,今天我们继续为大家介绍其中的扩展动态对象类库。<br>扩展动态对象是整个工具库中最重要的一个设计。在软件开发过程中,我们经常需要定义各种各样的数据对象;例如:用于参数传递的数据实体类、用于接口返回结果的Json......
  • 解决 虚拟机VMWARE AUTHORIZATION SERVICE未能启动
    打开控制面板–>点击应用–>在搜索框中输入:vmware搜索–>点击修改或卸载–>进行修复(备注:如果你还有安装包的话也可以打开安装包进行修复)转载:https://www.cnblogs.com/javaxubo/p/16909225.html......
  • AspNetCore不明确的匹配异常-请求与多个终结点匹配
    框架:net6.0AspNetCoreMVC添加区域控制器HomeController,直接启动报错;因默认路由下存在相同的控制器HomeController(非区域的),需要修改路由映射配置;在Program.cs添加区域路由配置app.MapAreaControllerRoute(name:"areaRoute",areaName:"Admin",pattern:......
  • .netCore 图形验证码,非System.Drawing.Common
    netcore需要跨平台,说白点就是放在windows服务器要能用,放在linux服务器上也能用,甚至macos上。很多时候需要使用到图形验证码,这就有问题了。旧方案1.引入包<PackageReferenceInclude="System.Drawing.Common"Version="5.0.3"/>2.添加引用usingSystem.Drawing;usingSystem......
  • NetCore 国际化最佳实践
    NetCore国际化最佳实践ASP.NETCore中提供了一些本地化服务和中间件,可将网站本地化为不同的语言文化。ASP.NETCore中我们可以使用Microsoft.AspNetCore.Localization库来实现本地化。但是默认只支持使用资源文件方式做多语言存储,很难在实际场景中使用。有没有可能支持官方资源......