OCelot Identity Server:消息:对经过身份验证的路由{api-Path}的请求未经过身份验证 [英] Ocelot Identity Server: message: Request for authenticated route {api-path} by was unauthenticated
本文介绍了OCelot Identity Server:消息:对经过身份验证的路由{api-Path}的请求未经过身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在停靠容器中收到以下错误。我正在尝试使用ocelot和身份服务器身份验证创建API网关。
message: Client has NOT been authenticated for {api-path} and pipeline error set. Request for authenticated route {api-path} by was unauthenticated
Error Code: UnauthenticatedError Message: Request for authenticated route {api-path} by was unauthenticated errors found in ResponderMiddleware. Setting error response for request path:{api-path}, request method: GET
我可以看到那里的客户端名称为空,但不确定为什么会发生这种情况。
下面是我的API网关中的代码
IdentityModelEventSource.ShowPII = true;
var authenticationProviderKey = "IdentityApiKey";
services.AddAuthentication().AddJwtBearer(authenticationProviderKey, x =>
{
x.Authority = "http://identityserver";
x.RequireHttpsMetadata = false;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
});
ocelot-config.json//添加鉴权参数
"AuthenticationOptions": {
"AuthenticationProviderKey": "IdentityApiKey",
"AllowedScopes": [ "AdminService" ]
},
我的微服务中的代码
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("Bearer").AddJwtBearer("Bearer", options =>
{
options.Authority = "http://identityserver";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
});
........
}
public void Configure(...)
{
....
app.UseAuthentication();
app.UseAuthorization();
....
}
身份服务器中的我的身份配置
public class IdentityConfig
{
public static IEnumerable<Client> Clients => new Client[]
{
new Client
{
ClientId = "Consumer_01",
ClientName = "Consumer_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Consumer01".Sha256()) },
AllowedScopes = new List<String> { "consumerservice" }
},
new Client
{
ClientId = "Consumer_02",
ClientName = "Consumer_02",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Consumer02".Sha256()) },
AllowedScopes = new List<String> { "consumerservice" }
},
new Client
{
ClientId = "Provider_01",
ClientName = "Provider_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider01".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_02",
ClientName = "Provider_02",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider02".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_03",
ClientName = "Provider_03",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider03".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_04",
ClientName = "Provider_04",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider04".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Admin_01",
ClientName = "Admin_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Admin01".Sha256()) },
AllowedScopes = new List<String> { "AdminService" }
}
};
public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
{
new ApiScope("consumerservice", "Consumer Service"),
new ApiScope("providerservice", "Provider Service"),
new ApiScope("AdminService", "AdminService")
};
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new[]
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource
{
Name = "admin",
UserClaims = new List<string> {"admin"}
}
};
}
public static IEnumerable<ApiResource> GetApiResources()
{
return new[]
{
new ApiResource
{
}
};
}
public static List<TestUser> TestUsers()
{
return new List<TestUser> {
new TestUser {
}
};
}
}
标识服务器启动
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true;
services.AddIdentityServer()
.AddInMemoryClients(IdentityConfig.Clients)
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityConfig.GetApiResources())
.AddInMemoryApiScopes(IdentityConfig.ApiScopes)
.AddTestUsers(IdentityConfig.TestUsers())
.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
endpoints.MapGet("/", async context =>
{
await context.Response.WriteAsync("Hello World!");
});
});
}
我试了很多方法,但似乎都不管用。我只收到401个错误。
不确定我是否清楚,但如果您有什么问题,请帮助我。谢谢。
推荐答案
我遇到了相同的错误,并且我的代码具有相同的结构。
我正在从http(Ocelot Url)重新路由,而我想,至少对我来说,解决方案是从http重新路由。
示例:https://localhost:5001/rerouteDestination
希望它能解决别人的问题
这篇关于OCelot Identity Server:消息:对经过身份验证的路由{api-Path}的请求未经过身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文