Ocelot統一權限驗證
Ocelot做爲網關,能夠用來做統一驗證,接上一篇博客,咱們繼續
前一篇,咱們建立了OcelotGateway網關項目,DemoAAPI項目,DemoBAPI項目,爲了驗證用戶並分發Token,如今還須要添加AuthenticationAPI項目,也是asp.net core web api項目,總體思路是,當用戶首次請求(Request)時web服務,網關會判斷本請求有無Token,並是否正確,若是沒有或不正確,就會反回401 Unauthorized;若是請求調用登陸,正確輸入用戶名或密碼,AuthenticationAPI會驗證並分發Token;當客戶端帶上Token再次訪問web服務時,網關就會放過本請求,當請求到達web服務時,web服務要對本Token進行受權驗證,若是有訪問請求的地址,會成功返回應答,負責會提示沒有權驗,因此只要具備正確的Token,應答返回都是200 OK,由於Token正確,只是沒有權限訪問請求的內容。
下面建立最重要的一個項目Ocelot.JWTAuthorizePolicy,選.NET Standard的類庫做爲項目模板建立本項目,本項目的做用是爲網關項目(OcelotGateway),web服務項目(DemoAAPI和DemoBAPI),和AuthenticationAPI提供注入JWT或自定義策略的API,關於自定義策略,可參考(http://www.cnblogs.com/axzxs2001/p/7530929.html)
本項目中的組成部分:
Permission.cshtml
1 namespace Ocelot.JWTAuthorizePolicy 2 { 3 /// <summary> 4 /// 用戶或角色或其餘憑據實體 5 /// </summary> 6 public class Permission 7 { 8 /// <summary> 9 /// 用戶或角色或其餘憑據名稱 10 /// </summary> 11 public virtual string Name 12 { get; set; } 13 /// <summary> 14 /// 請求Url 15 /// </summary> 16 public virtual string Url 17 { get; set; } 18 } 19 }
PermissionRequirement.csweb
1 using Microsoft.AspNetCore.Authorization; 2 using Microsoft.IdentityModel.Tokens; 3 using System; 4 using System.Collections.Generic; 5 6 namespace Ocelot.JWTAuthorizePolicy 7 { 8 /// <summary> 9 /// 必要參數類 10 /// </summary> 11 public class PermissionRequirement : IAuthorizationRequirement 12 { 13 /// <summary> 14 /// 無權限action 15 /// </summary> 16 public string DeniedAction { get; set; } 17 18 /// <summary> 19 /// 認證受權類型 20 /// </summary> 21 public string ClaimType { internal get; set; } 22 /// <summary> 23 /// 請求路徑 24 /// </summary> 25 public string LoginPath { get; set; } = "/Api/Login"; 26 /// <summary> 27 /// 發行人 28 /// </summary> 29 public string Issuer { get; set; } 30 /// <summary> 31 /// 訂閱人 32 /// </summary> 33 public string Audience { get; set; } 34 /// <summary> 35 /// 過時時間 36 /// </summary> 37 public TimeSpan Expiration { get; set; } 38 /// <summary> 39 /// 簽名驗證 40 /// </summary> 41 public SigningCredentials SigningCredentials { get; set; } 42 43 /// <summary> 44 /// 構造 45 /// </summary> 46 /// <param name="deniedAction">無權限action</param> 47 /// <param name="userPermissions">用戶權限集合</param> 48 49 /// <summary> 50 /// 構造 51 /// </summary> 52 /// <param name="deniedAction">拒約請求的url</param> 53 /// <param name="claimType">聲明類型</param> 54 /// <param name="issuer">發行人</param> 55 /// <param name="audience">訂閱人</param> 56 /// <param name="signingCredentials">簽名驗證明體</param> 57 public PermissionRequirement(string deniedAction, string claimType, string issuer, string audience, SigningCredentials signingCredentials, TimeSpan expiration) 58 { 59 ClaimType = claimType; 60 DeniedAction = deniedAction; 61 Issuer = issuer; 62 Audience = audience; 63 Expiration = expiration; 64 SigningCredentials = signingCredentials; 65 } 66 } 67 }
PermissionHandler.cs數據庫
1 using Microsoft.AspNetCore.Authentication; 2 using Microsoft.AspNetCore.Authentication.JwtBearer; 3 using Microsoft.AspNetCore.Authorization; 4 using Microsoft.Extensions.DependencyInjection; 5 using System; 6 using System.Collections.Generic; 7 using System.Linq; 8 using System.Security.Claims; 9 using System.Threading.Tasks; 10 11 namespace Ocelot.JWTAuthorizePolicy 12 { 13 /// <summary> 14 /// 權限受權Handler 15 /// </summary> 16 public class PermissionHandler : AuthorizationHandler<PermissionRequirement> 17 { 18 /// <summary> 19 /// 驗證方案提供對象 20 /// </summary> 21 public IAuthenticationSchemeProvider Schemes { get; set; } 22 /// <summary> 23 /// 用戶權限集合 24 /// </summary> 25 List<Permission> _permissions; 26 /// <summary> 27 /// 構造 28 /// </summary> 29 /// <param name="schemes"></param> 30 public PermissionHandler(IAuthenticationSchemeProvider schemes, List<Permission> permissions=null) 31 { 32 Schemes = schemes; 33 _permissions = permissions; 34 } 35 36 protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) 37 { 38 //從AuthorizationHandlerContext轉成HttpContext,以便取出表求信息 39 var httpContext = (context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext).HttpContext; 40 //請求Url 41 var questUrl = httpContext.Request.Path.Value.ToLower(); 42 //判斷請求是否中止 43 var handlers = httpContext.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>(); 44 foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync()) 45 { 46 var handler = await handlers.GetHandlerAsync(httpContext, scheme.Name) as IAuthenticationRequestHandler; 47 if (handler != null && await handler.HandleRequestAsync()) 48 { 49 context.Fail(); 50 return; 51 } 52 } 53 //判斷請求是否擁有憑據,即有沒有登陸 54 var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync(); 55 if (defaultAuthenticate != null) 56 { 57 var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name); 58 //result?.Principal不爲空即登陸成功 59 if (result?.Principal != null) 60 { 61 httpContext.User = result.Principal; 62 //權限中是否存在請求的url 63 if (_permissions!=null&&_permissions.GroupBy(g => g.Url).Where(w => w.Key.ToLower() == questUrl).Count() > 0) 64 { 65 var name = httpContext.User.Claims.SingleOrDefault(s => s.Type == requirement.ClaimType).Value; 66 //驗證權限 67 if (_permissions.Where(w => w.Name == name && w.Url.ToLower() == questUrl).Count() == 0) 68 { 69 //無權限跳轉到拒絕頁面 70 httpContext.Response.Redirect(requirement.DeniedAction); 71 context.Succeed(requirement); 72 return; 73 } 74 } 75 //判斷過時時間 76 if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) >= DateTime.Now) 77 { 78 context.Succeed(requirement); 79 } 80 else 81 { 82 context.Fail(); 83 } 84 return; 85 } 86 } 87 //判斷沒有登陸時,是否訪問登陸的url,而且是Post請求,而且是form表單提交類型,不然爲失敗 88 if (!questUrl.Equals(requirement.LoginPath.ToLower(), StringComparison.Ordinal) && (!httpContext.Request.Method.Equals("POST") 89 || !httpContext.Request.HasFormContentType)) 90 { 91 context.Fail(); 92 return; 93 } 94 context.Succeed(requirement); 95 } 96 } 97 }
JwtToken.csjson
1 using System; 2 using System.IdentityModel.Tokens.Jwt; 3 using System.Security.Claims; 4 5 namespace Ocelot.JWTAuthorizePolicy 6 { 7 /// <summary> 8 /// JWTToken生成類 9 /// </summary> 10 public class JwtToken 11 { 12 /// <summary> 13 /// 獲取基於JWT的Token 14 /// </summary> 15 /// <param name="username"></param> 16 /// <returns></returns> 17 public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement) 18 { 19 var now = DateTime.UtcNow; 20 var jwt = new JwtSecurityToken( 21 issuer: permissionRequirement.Issuer, 22 audience: permissionRequirement.Audience, 23 claims: claims, 24 notBefore: now, 25 expires: now.Add(permissionRequirement.Expiration), 26 signingCredentials: permissionRequirement.SigningCredentials 27 ); 28 var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); 29 var responseJson = new 30 { 31 Status = true, 32 access_token = encodedJwt, 33 expires_in = permissionRequirement.Expiration.TotalMilliseconds, 34 token_type = "Bearer" 35 }; 36 return responseJson; 37 } 38 } 39 }
OcelotJwtBearerExtension.cs,本類型中的方法分別用於網關,web服務,和驗證服務,請參看註釋api
1 using Microsoft.AspNetCore.Authentication; 2 using Microsoft.AspNetCore.Authorization; 3 using Microsoft.Extensions.DependencyInjection; 4 using Microsoft.IdentityModel.Tokens; 5 using System; 6 using System.Collections.Generic; 7 using System.Security.Claims; 8 using System.Text; 9 10 namespace Ocelot.JWTAuthorizePolicy 11 { 12 /// <summary> 13 /// Ocelot下JwtBearer擴展 14 /// </summary> 15 public static class OcelotJwtBearerExtension 16 { 17 /// <summary> 18 /// 注入Ocelot下JwtBearer,在ocelot網關的Startup的ConfigureServices中調用 19 /// </summary> 20 /// <param name="services">IServiceCollection</param> 21 /// <param name="issuer">發行人</param> 22 /// <param name="audience">訂閱人</param> 23 /// <param name="secret">密鑰</param> 24 /// <param name="defaultScheme">默認架構</param> 25 /// <param name="isHttps">是否https</param> 26 /// <returns></returns> 27 public static AuthenticationBuilder AddOcelotJwtBearer(this IServiceCollection services, string issuer, string audience, string secret, string defaultScheme, bool isHttps = false) 28 { 29 var keyByteArray = Encoding.ASCII.GetBytes(secret); 30 var signingKey = new SymmetricSecurityKey(keyByteArray); 31 var tokenValidationParameters = new TokenValidationParameters 32 { 33 ValidateIssuerSigningKey = true, 34 IssuerSigningKey = signingKey, 35 ValidateIssuer = true, 36 ValidIssuer = issuer,//發行人 37 ValidateAudience = true, 38 ValidAudience = audience,//訂閱人 39 ValidateLifetime = true, 40 ClockSkew = TimeSpan.Zero, 41 RequireExpirationTime = true, 42 }; 43 return services.AddAuthentication(options => 44 { 45 options.DefaultScheme = defaultScheme; 46 }) 47 .AddJwtBearer(defaultScheme, opt => 48 { 49 //不使用https 50 opt.RequireHttpsMetadata = isHttps; 51 opt.TokenValidationParameters = tokenValidationParameters; 52 }); 53 } 54 55 /// <summary> 56 /// 注入Ocelot jwt策略,在業務API應用中的Startup的ConfigureServices調用 57 /// </summary> 58 /// <param name="services">IServiceCollection</param> 59 /// <param name="issuer">發行人</param> 60 /// <param name="audience">訂閱人</param> 61 /// <param name="secret">密鑰</param> 62 /// <param name="defaultScheme">默認架構</param> 63 /// <param name="policyName">自定義策略名稱</param> 64 /// <param name="deniedUrl">拒絕路由</param> 65 /// <param name="isHttps">是否https</param> 66 /// <returns></returns> 67 public static AuthenticationBuilder AddOcelotPolicyJwtBearer(this IServiceCollection services, string issuer, string audience, string secret, string defaultScheme, string policyName, string deniedUrl, bool isHttps = false) 68 { 69 70 var keyByteArray = Encoding.ASCII.GetBytes(secret); 71 var signingKey = new SymmetricSecurityKey(keyByteArray); 72 var tokenValidationParameters = new TokenValidationParameters 73 { 74 ValidateIssuerSigningKey = true, 75 IssuerSigningKey = signingKey, 76 ValidateIssuer = true, 77 ValidIssuer = issuer,//發行人 78 ValidateAudience = true, 79 ValidAudience = audience,//訂閱人 80 ValidateLifetime = true, 81 ClockSkew = TimeSpan.Zero, 82 RequireExpirationTime = true, 83 84 }; 85 var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); 86 //若是第三個參數,是ClaimTypes.Role,上面集合的每一個元素的Name爲角色名稱,若是ClaimTypes.Name,即上面集合的每一個元素的Name爲用戶名 87 var permissionRequirement = new PermissionRequirement( 88 deniedUrl, 89 ClaimTypes.Role, 90 issuer, 91 audience, 92 signingCredentials, 93 expiration: TimeSpan.FromHours(10) 94 ); 95 //注入受權Handler 96 services.AddSingleton<IAuthorizationHandler, PermissionHandler>(); 97 services.AddSingleton(permissionRequirement); 98 return services.AddAuthorization(options => 99 { 100 options.AddPolicy(policyName, 101 policy => policy.Requirements.Add(permissionRequirement)); 102 103 }) 104 .AddAuthentication(options => 105 { 106 options.DefaultScheme = defaultScheme; 107 }) 108 .AddJwtBearer(defaultScheme, o => 109 { 110 //不使用https 111 o.RequireHttpsMetadata = isHttps; 112 o.TokenValidationParameters = tokenValidationParameters; 113 }); 114 } 115 /// <summary> 116 /// 注入Token生成器參數,在token生成項目的Startup的ConfigureServices中使用 117 /// </summary> 118 /// <param name="services">IServiceCollection</param> 119 /// <param name="issuer">發行人</param> 120 /// <param name="audience">訂閱人</param> 121 /// <param name="secret">密鑰</param> 122 /// <param name="deniedUrl">拒絕路由</param> 123 /// <returns></returns> 124 public static IServiceCollection AddJTokenBuild(this IServiceCollection services, string issuer, string audience, string secret, string deniedUrl) 125 { 126 var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)), SecurityAlgorithms.HmacSha256); 127 //若是第三個參數,是ClaimTypes.Role,上面集合的每一個元素的Name爲角色名稱,若是ClaimTypes.Name,即上面集合的每一個元素的Name爲用戶名 128 var permissionRequirement = new PermissionRequirement( 129 deniedUrl, 130 ClaimTypes.Role, 131 issuer, 132 audience, 133 signingCredentials, 134 expiration: TimeSpan.FromHours(10) 135 ); 136 return services.AddSingleton(permissionRequirement); 137 138 } 139 140 } 141 }
接下來看AuthenticationAPI項目:架構
appsettings.jsonapp
{
"Logging": {
"IncludeScopes": false,
"Debug": {
"LogLevel": {
"Default": "Information"
}
},
"Console": {
"LogLevel": {
"Default": "Information"
}
}
},
"Audience": {
"Secret": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"Issuer": "gsw",
"Audience": "everone"
}
}
Startup.csasp.net
1 using Microsoft.AspNetCore.Builder; 2 using Microsoft.AspNetCore.Hosting; 3 using Microsoft.Extensions.Configuration; 4 using Microsoft.Extensions.DependencyInjection; 5 using Ocelot.JWTAuthorizePolicy; 6 7 namespace AuthenticationAPI 8 { 9 public class Startup 10 { 11 public Startup(IConfiguration configuration) 12 { 13 Configuration = configuration; 14 } 15 public IConfiguration Configuration { get; } 16 public void ConfigureServices(IServiceCollection services) 17 { 18 var audienceConfig = Configuration.GetSection("Audience"); 19 //注入OcelotJwtBearer 20 services.AddJTokenBuild(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "/api/denied"); 21 services.AddMvc(); 22 } 23 public void Configure(IApplicationBuilder app, IHostingEnvironment env) 24 { 25 if (env.IsDevelopment()) 26 { 27 app.UseDeveloperExceptionPage(); 28 } 29 app.UseMvc(); 30 } 31 } 32 }
PermissionController.csasync
1 using System; 2 using Microsoft.AspNetCore.Mvc; 3 using Microsoft.AspNetCore.Authorization; 4 using System.Security.Claims; 5 using Microsoft.AspNetCore.Authentication.JwtBearer; 6 using Ocelot.JWTAuthorizePolicy; 7 8 namespace AuthenticationAPI 9 { 10 public class PermissionController : Controller 11 { 12 /// <summary> 13 /// 自定義策略參數 14 /// </summary> 15 PermissionRequirement _requirement; 16 public PermissionController(PermissionRequirement requirement) 17 { 18 _requirement = requirement; 19 } 20 [AllowAnonymous] 21 [HttpPost("/authapi/login")] 22 public IActionResult Login(string username, string password) 23 { 24 var isValidated = (username == "gsw" && password == "111111")|| (username == "ggg" && password == "222222"); 25 var role=username=="gsw"?"admin" :"system"; 26 if (!isValidated) 27 { 28 return new JsonResult(new 29 { 30 Status = false, 31 Message = "認證失敗" 32 }); 33 } 34 else 35 { 36 //若是是基於用戶的受權策略,這裏要添加用戶;若是是基於角色的受權策略,這裏要添加角色 37 var claims = new Claim[] { new Claim(ClaimTypes.Name, username), new Claim(ClaimTypes.Role, role), new Claim(ClaimTypes.Expiration ,DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())}; 38 //用戶標識 39 var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme); 40 identity.AddClaims(claims); 41 42 var token = JwtToken.BuildJwtToken(claims, _requirement); 43 return new JsonResult(token); 44 } 45 } 46 } 47 }
DemoAAPI項目,DemoBAPI項目相似ide
appsettings.json與網關,AuthenticationAPI相同
Startup.cs
1 using System.Collections.Generic; 2 using Microsoft.AspNetCore.Builder; 3 using Microsoft.AspNetCore.Hosting; 4 using Microsoft.Extensions.Configuration; 5 using Microsoft.Extensions.DependencyInjection; 6 using Microsoft.Extensions.Logging; 7 using Ocelot.JWTAuthorizePolicy; 8 9 namespace DemoAAPI 10 { 11 public class Startup 12 { 13 public Startup(IConfiguration configuration) 14 { 15 Configuration = configuration; 16 } 17 public IConfiguration Configuration { get; } 18 public void ConfigureServices(IServiceCollection services) 19 { 20 //讀取配置文件 21 var audienceConfig = Configuration.GetSection("Audience"); 22 services.AddOcelotPolicyJwtBearer(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "GSWBearer", "Permission", "/demoaapi/denied"); 23 24 //這個集合模擬用戶權限表,可從數據庫中查詢出來 25 var permission = new List<Permission> { 26 new Permission { Url="/demoaapi/values", Name="system"}, 27 new Permission { Url="/", Name="system"} 28 }; 29 services.AddSingleton(permission); 30 services.AddMvc(); 31 } 32 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) 33 { 34 loggerFactory.AddConsole(Configuration.GetSection("Logging")); 35 if (env.IsDevelopment()) 36 { 37 app.UseDeveloperExceptionPage(); 38 } 39 app.UseMvc(); 40 } 41 } 42 }
ValuesController.cs
1 using System.Collections.Generic; 2 using Microsoft.AspNetCore.Authorization; 3 using Microsoft.AspNetCore.Mvc; 4 5 namespace DemoAAPI.Controllers 6 { 7 [Authorize("Permission")] 8 [Route("demoaapi/[controller]")] 9 public class ValuesController : Controller 10 { 11 [HttpGet] 12 public IEnumerable<string> Get() 13 { 14 return new string[] { "DemoA服務", "請求" }; 15 } 16 [AllowAnonymous] 17 [HttpGet("/demoaapi/denied")] 18 public IActionResult Denied() 19 { 20 return new JsonResult(new 21 { 22 Status = false, 23 Message = "demoaapi你無權限訪問" 24 }); 25 } 26 } 27 }
OcelotGateway項目
configuration.json,注意每一個鏈接的AuthenticationOptions. AuthenticationProviderKey,要設置成
{
"ReRoutes": [
{
"DownstreamPathTemplate": "/demoaapi/values",
"DownstreamScheme": "http",
"DownstreamPort": 5001,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demoaapi/values",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"HttpHandlerOptions": {
"AllowAutoRedirect": false,
"UseCookieContainer": false
},
"AuthenticationOptions": {
"AuthenticationProviderKey": "GSWBearer",
"AllowedScopes": []
}
},
{
"DownstreamPathTemplate": "/demoaapi/denied",
"DownstreamScheme": "http",
"DownstreamPort": 5001,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demoaapi/denied",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
},
{
"DownstreamPathTemplate": "/demobapi/values",
"DownstreamScheme": "http",
"DownstreamPort": 5002,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demobapi/values",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"HttpHandlerOptions": {
"AllowAutoRedirect": false,
"UseCookieContainer": false
},
"AuthenticationOptions": {
"AuthenticationProviderKey": "GSWBearer",
"AllowedScopes": []
}
},
{
"DownstreamPathTemplate": "/demobapi/denied",
"DownstreamScheme": "http",
"DownstreamPort": 5002,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demobapi/denied",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
},
{
"DownstreamPathTemplate": "/authapi/login",
"DownstreamScheme": "http",
"DownstreamPort": 5003,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/authapi/login",
"UpstreamHttpMethod": [ "Get", "Post" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
}
]
}
Startup.cs
1 using Microsoft.AspNetCore.Builder; 2 using Microsoft.AspNetCore.Hosting; 3 using Microsoft.Extensions.Configuration; 4 using Microsoft.Extensions.DependencyInjection; 5 using Ocelot.DependencyInjection; 6 using Ocelot.Middleware; 7 using Ocelot.JWTAuthorizePolicy; 8 namespace OcelotGateway 9 { 10 public class Startup 11 { 12 public Startup(IConfiguration configuration) 13 { 14 Configuration = configuration; 15 } 16 public IConfiguration Configuration { get; } 17 public void ConfigureServices(IServiceCollection services) 18 { 19 var audienceConfig = Configuration.GetSection("Audience"); 20 //注入OcelotJwtBearer 21 services.AddOcelotJwtBearer(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "GSWBearer"); 22 //注入配置文件,AddOcelot要求參數是IConfigurationRoot類型,因此要做個轉換 23 services.AddOcelot(Configuration as ConfigurationRoot); 24 } 25 public void Configure(IApplicationBuilder app, IHostingEnvironment env) 26 { 27 app.UseOcelot().Wait(); 28 } 29 } 30 }
接下來是測試項目,建立一個控制項目TestClient
Nuget中添加RestSharp包
Program.cs
1 using RestSharp; 2 using System; 3 using System.Diagnostics; 4 5 namespace TestClient 6 { 7 class Program 8 { 9 /// <summary> 10 /// 訪問Url 11 /// </summary> 12 static string _url = "http://127.0.0.1:5000"; 13 static void Main(string[] args) 14 { 15 16 Console.Title = "TestClient"; 17 dynamic token = null; 18 while (true) 19 { 20 Console.WriteLine("一、登陸【admin】 二、登陸【system】 三、登陸【錯誤用戶名密碼】 四、查詢HisUser數據 五、查詢LisUser數據 "); 21 var mark = Console.ReadLine(); 22 var stopwatch = new Stopwatch(); 23 stopwatch.Start(); 24 switch (mark) 25 { 26 case "1": 27 token = AdminLogin(); 28 break; 29 case "2": 30 token = SystemLogin(); 31 break; 32 case "3": 33 token = NullLogin(); 34 break; 35 case "4": 36 DemoAAPI(token); 37 break; 38 case "5": 39 DemoBAPI(token); 40 break; 41 } 42 stopwatch.Stop(); 43 TimeSpan timespan = stopwatch.Elapsed; 44 Console.WriteLine($"間隔時間:{timespan.TotalSeconds}"); 45 tokenString = "Bearer " + Convert.ToString(token?.access_token); 46 } 47 } 48 static string tokenString = ""; 49 static dynamic NullLogin() 50 { 51 var loginClient = new RestClient(_url); 52 var loginRequest = new RestRequest("/authapi/login", Method.POST); 53 loginRequest.AddParameter("username", "gswaa"); 54 loginRequest.AddParameter("password", "111111"); 55 //或用用戶名密碼查詢對應角色 56 loginRequest.AddParameter("role", "system"); 57 IRestResponse loginResponse = loginClient.Execute(loginRequest); 58 var loginContent = loginResponse.Content; 59 Console.WriteLine(loginContent); 60 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent); 61 } 62 63 static dynamic SystemLogin() 64 { 65 var loginClient = new RestClient(_url); 66 var loginRequest = new RestRequest("/authapi/login", Method.POST); 67 loginRequest.AddParameter("username", "ggg"); 68 loginRequest.AddParameter("password", "222222"); 69 IRestResponse loginResponse = loginClient.Execute(loginRequest); 70 var loginContent = loginResponse.Content; 71 Console.WriteLine(loginContent); 72 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent); 73 } 74 static dynamic AdminLogin() 75 { 76 var loginClient = new RestClient(_url); 77 var loginRequest = new RestRequest("/authapi/login", Method.POST); 78 loginRequest.AddParameter("username", "gsw"); 79 loginRequest.AddParameter("password", "111111"); 80 IRestResponse loginResponse = loginClient.Execute(loginRequest); 81 var loginContent = loginResponse.Content; 82 Console.WriteLine(loginContent); 83 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent); 84 } 85 static void DemoAAPI(dynamic token) 86 { 87 var client = new RestClient(_url); 88 //這裏要在獲取的令牌字符串前加Bearer 89 string tk = "Bearer " + Convert.ToString(token?.access_token); 90 client.AddDefaultHeader("Authorization", tk); 91 var request = new RestRequest("/demoaapi/values", Method.GET); 92 IRestResponse response = client.Execute(request); 93 var content = response.Content; 94 Console.WriteLine($"狀態碼:{(int)response.StatusCode} 狀態信息:{response.StatusCode} 返回結果:{content}"); 95 } 96 static void DemoBAPI(dynamic token) 97 { 98 var client = new RestClient(_url); 99 //這裏要在獲取的令牌字符串前加Bearer 100 string tk = "Bearer " + Convert.ToString(token?.access_token); 101 client.AddDefaultHeader("Authorization", tk); 102 var request = new RestRequest("/demobapi/values", Method.GET); 103 IRestResponse response = client.Execute(request); 104 var content = response.Content; Console.WriteLine($"狀態碼:{(int)response.StatusCode} 狀態信息:{response.StatusCode} 返回結果:{content}"); 105 } 106 } 107 }
《基於.net core微服務架構視頻》
http://edu.51cto.com/course/13342.html
相關文章
- 1. Ocelot統一權限驗證
- 2. SpringCloud+OAuth2 統一權限驗證
- 3. 權限驗證
- 4. Swagger如何訪問Ocelot中帶權限驗證的API
- 5. 權限系統_shiro_身份驗證篇
- 6. Ocelot(四)- 認證與受權
- 7. SpringAOP01 利用AOP實現權限驗證、利用權限驗證服務實現權限驗證
- 8. 一文讀懂k8s rbac 權限驗證
- 9. shiro權限驗證標籤
- 10. Spring Security 的權限驗證
- 更多相關文章...
- • XML 驗證 - XML 教程
- • DTD 驗證 - DTD 教程
- • Docker容器實戰(七) - 容器眼光下的文件系統
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
