如何解决 Ocelot 配合 IdentityServer 时的错误:对需要身份验证的路由 {api-path} 的请求未通过身份验证(Request for authenticated route {api-path} by was unauthenticated)
我在 docker 容器中收到以下错误。我正在尝试使用 ocelot 和身份服务器身份验证创建 api 网关。
message: Client has NOT been authenticated for {api-path} and pipeline error set. Request for authenticated route {api-path} by was unauthenticated
Error Code: UnauthenticatedError Message: Request for authenticated route {api-path} by was unauthenticated errors found in ResponderMiddleware. Setting error response for request path:{api-path},request method: GET
从错误消息中可以看到 "by" 后面的客户端名称为空,但我不知道为什么会这样。
下面是我的api网关中的代码
// Diagnostic switch: Microsoft.IdentityModel stops redacting values in its
// log and exception messages. Helpful while chasing a 401, but the logs can
// then contain token and claim data, so keep it to development builds.
IdentityModelEventSource.ShowPII = true;

// Name of the gateway's JWT bearer scheme. The route's
// AuthenticationOptions.AuthenticationProviderKey in the Ocelot
// configuration has to be this exact string.
var authenticationProviderKey = "IdentityApiKey";

services
    .AddAuthentication()
    .AddJwtBearer(authenticationProviderKey, jwt =>
    {
        // The handler reads the discovery document and signing keys from this
        // authority. With RequireHttpsMetadata = false that exchange runs over
        // plain HTTP, so key material is fetched without transport protection;
        // acceptable on an isolated dev network only.
        // NOTE(review): the token's `iss` claim has to match what this
        // authority advertises. If tokens are requested through another host
        // name than "http://identityserver" (for example a published
        // localhost port), validation would fail with 401 - worth checking.
        jwt.Authority = "http://identityserver";
        jwt.RequireHttpsMetadata = false;

        // Audience validation is switched off: the `aud` claim is not checked,
        // so any validly signed token from the authority passes this handler
        // and the route's AllowedScopes becomes the only per-API restriction.
        var tokenChecks = new TokenValidationParameters
        {
            ValidateAudience = false
        };
        jwt.TokenValidationParameters = tokenChecks;
    });
Ocelot-config.json //添加认证参数
"AuthenticationOptions": {
"AuthenticationProviderKey": "IdentityApiKey","AllowedScopes": [ "AdminService" ]
},
我的微服务中的代码
/// <summary>
/// Registers JWT bearer authentication for the microservice, using "Bearer"
/// both as the default scheme and as the handler's scheme name.
/// </summary>
/// <param name="services">Service collection the authentication services are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    const string bearerScheme = "Bearer";

    services
        .AddAuthentication(bearerScheme)
        .AddJwtBearer(bearerScheme, jwt =>
        {
            // Discovery document and signing keys come from this authority.
            // RequireHttpsMetadata = false lets them travel over plain HTTP,
            // which is a development-only setting.
            jwt.Authority = "http://identityserver";
            jwt.RequireHttpsMetadata = false;

            // With ValidateAudience = false the service does not check `aud`:
            // a token issued for any other API behind the same authority is
            // accepted here unless a scope or policy check rejects it.
            var tokenChecks = new TokenValidationParameters
            {
                ValidateAudience = false
            };
            jwt.TokenValidationParameters = tokenChecks;
        });
    // (remaining registrations are elided in the original post)
    ........
}
// Request pipeline of the microservice. The parameter list and the
// surrounding middleware are elided in the post ("..." / "....").
public void Configure(...)
{
....
// Order matters: authentication has to run first so that the request's
// principal is populated before the authorization middleware evaluates it.
app.UseAuthentication();
app.UseAuthorization();
....
}
身份服务器中的我的 IdentityConfig
// In-memory IdentityServer configuration: clients, API scopes, identity
// resources, API resources and test users, exposed as static members.
public class IdentityConfig
{
// Client registrations.
// Every secret here is a string literal that closely follows the client id
// and is only hashed (Sha256()) for storage. Such values are guessable and
// live in source control; outside a demo, load secrets from configuration or
// a secret store and use long random values.
// NOTE(review): the listing looks truncated by extraction - the entries for
// Consumer_02 and Provider_02..04 run straight into the next `new Client`
// without a closing brace, and AllowedGrantTypes is visible only on
// Consumer_01. Confirm against the real file that every client carries the
// grant type and scopes it needs.
public static IEnumerable<Client> Clients => new Client[]
{
new Client
{
ClientId = "Consumer_01",ClientName = "Consumer_01",AllowedGrantTypes = GrantTypes.ClientCredentials,ClientSecrets = new List<Secret> { new Secret("Consumer01".Sha256()) },AllowedScopes = new List<String> { "consumerservice" }
},new Client
{
ClientId = "Consumer_02",ClientName = "Consumer_02",ClientSecrets = new List<Secret> { new Secret("Consumer02".Sha256()) },new Client
{
ClientId = "Provider_01",ClientName = "Provider_01",ClientSecrets = new List<Secret> { new Secret("Provider01".Sha256()) },AllowedScopes = new List<String> { "providerservice" }
},new Client
{
ClientId = "Provider_02",ClientName = "Provider_02",ClientSecrets = new List<Secret> { new Secret("Provider02".Sha256()) },new Client
{
ClientId = "Provider_03",ClientName = "Provider_03",ClientSecrets = new List<Secret> { new Secret("Provider03".Sha256()) },new Client
{
ClientId = "Provider_04",ClientName = "Provider_04",ClientSecrets = new List<Secret> { new Secret("Provider04".Sha256()) },new Client
{
// Admin_01 is the only client shown with the "AdminService" scope, which is
// the scope the Ocelot route on this page lists under AllowedScopes.
ClientId = "Admin_01",ClientName = "Admin_01",ClientSecrets = new List<Secret> { new Secret("Admin01".Sha256()) },AllowedScopes = new List<String> { "AdminService" }
}
};
// API scopes known to the server: scope name followed by display name.
public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
{
new ApiScope("consumerservice","Consumer Service"),new ApiScope("providerservice","Provider Service"),new ApiScope("AdminService","AdminService")
};
// Identity resources: the standard OpenId, Profile and Email resources plus a
// custom "admin" resource that carries the "admin" user claim.
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new[]
{
new IdentityResources.OpenId(),new IdentityResources.Profile(),new IdentityResources.Email(),new IdentityResource
{
Name = "admin",UserClaims = new List<string> {"admin"}
}
};
}
// Returns a single ApiResource with no properties set, as shown.
// NOTE(review): presumably the name and scopes were elided from the post; an
// unnamed API resource gives tokens no meaningful audience - confirm.
public static IEnumerable<ApiResource> GetApiResources()
{
return new[]
{
new ApiResource
{
}
};
}
// Returns a single TestUser with no properties set, as shown (likely elided
// in the post). Test users are meant for development setups only.
public static List<TestUser> TestUsers()
{
return new List<TestUser> {
new TestUser {
}
};
}
}
IdentityServer 启动
/// <summary>
/// Registers IdentityServer and feeds it the in-memory clients, resources,
/// scopes and test users defined in <c>IdentityConfig</c>.
/// </summary>
/// <param name="services">Service collection IdentityServer is added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Un-redacts values in Microsoft.IdentityModel log and exception messages.
    // Diagnostic aid only: logs can then contain token and claim data.
    IdentityModelEventSource.ShowPII = true;

    var identityServer = services.AddIdentityServer();
    identityServer.AddInMemoryClients(IdentityConfig.Clients);
    identityServer.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources());
    identityServer.AddInMemoryApiResources(IdentityConfig.GetApiResources());
    identityServer.AddInMemoryApiScopes(IdentityConfig.ApiScopes);
    identityServer.AddTestUsers(IdentityConfig.TestUsers());

    // Development signing key created by IdentityServer itself. Anything that
    // is not a throwaway environment should sign tokens with a managed key or
    // certificate that is stored and rotated deliberately.
    identityServer.AddDeveloperSigningCredential();
}
/// <summary>
/// Builds the IdentityServer host's request pipeline: developer exception
/// page (development only), routing, IdentityServer, and a root endpoint that
/// answers "Hello World!".
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment, used to detect development mode.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Detailed exception pages expose stack traces, so they stay limited to
    // the development environment.
    var runningInDevelopment = env.IsDevelopment();
    if (runningInDevelopment)
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseRouting();
    app.UseIdentityServer();

    app.UseEndpoints(routes =>
    {
        routes.MapGet("/", async http =>
        {
            await http.Response.WriteAsync("Hello World!");
        });
    });
}
我尝试了很多东西,但似乎没有任何效果。我只收到 401 错误。
不确定我是否描述清楚了;如果需要补充信息,请告诉我。希望能得到帮助,谢谢。