Ocelot 身份服务器：消息：请求经过身份验证的路由 {api-path} 未经身份验证

如何解决Ocelot 身份服务器：消息：请求经过身份验证的路由 {api-path} 未经身份验证

我在 docker 容器中收到以下错误。我正在尝试使用 ocelot 和身份服务器身份验证创建 api 网关。

message: Client has NOT been authenticated for {api-path} and pipeline error set. Request for authenticated route {api-path} by  was unauthenticated
Error Code: UnauthenticatedError Message: Request for authenticated route {api-path} by  was unauthenticated errors found in ResponderMiddleware. Setting error response for request path:{api-path},request method: GET

我可以看到那里的客户名称为空，但不知道为什么会这样。

下面是我的api网关中的代码

                IdentityModelEventSource.ShowPII = true;

                var authenticationProviderKey = "IdentityApiKey";

                services.AddAuthentication().AddJwtBearer(authenticationProviderKey,x =>
                {
                    x.Authority = "http://identityserver";
                    x.RequireHttpsMetadata = false;
                    x.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false
                    };
                });

Ocelot-config.json //添加认证参数

"AuthenticationOptions": {
    "AuthenticationProviderKey": "IdentityApiKey","AllowedScopes": [ "AdminService" ]
  },

我的微服务中的代码

public void ConfigureServices(IServiceCollection services)
    {
            services.AddAuthentication("Bearer").AddJwtBearer("Bearer",options =>
            {
                options.Authority = "http://identityserver";
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false
                };
            });
     ........
 }
 
 public void Configure(...)
 {
      ....
      app.UseAuthentication();
      app.UseAuthorization();
      ....
 }

身份服务器中的我的 IdentityConfig

public class IdentityConfig
{
    public static IEnumerable<Client> Clients => new Client[]
    {
        new Client
        {
            ClientId = "Consumer_01",ClientName = "Consumer_01",AllowedGrantTypes = GrantTypes.ClientCredentials,ClientSecrets = new List<Secret> { new Secret("Consumer01".Sha256()) },AllowedScopes = new List<String> { "consumerservice" }
        },new Client
        {
            ClientId = "Consumer_02",ClientName = "Consumer_02",ClientSecrets = new List<Secret> { new Secret("Consumer02".Sha256()) },new Client
        {
            ClientId = "Provider_01",ClientName = "Provider_01",ClientSecrets = new List<Secret> { new Secret("Provider01".Sha256()) },AllowedScopes = new List<String> { "providerservice" }
        },new Client
        {
            ClientId = "Provider_02",ClientName = "Provider_02",ClientSecrets = new List<Secret> { new Secret("Provider02".Sha256()) },new Client
        {
            ClientId = "Provider_03",ClientName = "Provider_03",ClientSecrets = new List<Secret> { new Secret("Provider03".Sha256()) },new Client
        {
            ClientId = "Provider_04",ClientName = "Provider_04",ClientSecrets = new List<Secret> { new Secret("Provider04".Sha256()) },new Client
        {
            ClientId = "Admin_01",ClientName = "Admin_01",ClientSecrets = new List<Secret> { new Secret("Admin01".Sha256()) },AllowedScopes = new List<String> { "AdminService" }
        }
    };

    public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
    {
         new ApiScope("consumerservice","Consumer Service"),new ApiScope("providerservice","Provider Service"),new ApiScope("AdminService","AdminService")
    };

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new[]
        {
            new IdentityResources.OpenId(),new IdentityResources.Profile(),new IdentityResources.Email(),new IdentityResource
            {
                Name = "admin",UserClaims = new List<string> {"admin"}
            }
        };
    }

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new[]
        {
            new ApiResource
            {

            }
        };
    }

    public static List<TestUser> TestUsers()
    {
        return new List<TestUser> {
            new TestUser {

            }
        };
    }
}

IdentityServer 启动

public void ConfigureServices(IServiceCollection services)
        {
            IdentityModelEventSource.ShowPII = true;

            services.AddIdentityServer()
                     .AddInMemoryClients(IdentityConfig.Clients)
                     .AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
                     .AddInMemoryApiResources(IdentityConfig.GetApiResources())
                     .AddInMemoryApiScopes(IdentityConfig.ApiScopes)
                     .AddTestUsers(IdentityConfig.TestUsers())
                     .AddDeveloperSigningCredential();
        }

public void Configure(IApplicationBuilder app,IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            app.UseIdentityServer();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/",async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }
    

我尝试了很多东西，但似乎没有任何效果。我只收到 401 错误。

不确定我是否清楚，但如果您有任何疑问，请帮忙。谢谢。

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。