Shulou(Shulou.com)06/01 Report--

Gateway-based verification package Ocelot.JwtAuthorize how to understand, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

As an API gateway based on .net core, Ocelot has a function of unified verification. Its function is to keep requests without access outside the API gateway, rather than to verify when it arrives at the API of the API gateway. I have arranged it below and encapsulated it into a Nuget package for everyone to call.

The verification of Web API usually uses UserName and Password to request to Token, and then the API interface that requires permission for each request brings Token to the requested Header. As credentials, the API server receives the request and verifies the Token brought by the client to check whether the Token is correct and expired. If there is no problem, then authenticate the user, whether the user has the right to access this API interface. In this way, logging in and obtaining Tokent is considered as one block. After a successful login, each Token request is divided into two blocks: one is authentication and the other is authentication, so it is divided into three blocks in Ocelot.JwtAuthorize.

The source code of the project is located in https://github.com/axzxs2001/Ocelot.JWTAuthorize

Nuget is https://www.nuget.org/packages/Ocelot.JwtAuthorize.

It is also very easy to use, first of all, there is a unified configuration file (in the gateway project, in the API project, in the verification project)

1. In the gateway project, you can insert services.AddOcelotJwtAuthorize () into the ConfigureService method of Startup.

2. In the verification project, services.AddTokenJwtAuthorize () is injected into the ConfigureService method of Startup. At the same time, another function of the verification project is to distribute the Token. The premise is that the user has the correct user name and password, so you need to do a login Colloer and Action to achieve this. Note that the information in the Claim when logging in is the information that verifies permissions in the API project.

3. Inject into the ConfigureService method of Startup in the API project

After reading the above, have you mastered the method of how to understand the gateway-based verification package Ocelot.JwtAuthorize? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.