Ocelot统一权限验证

Ocelot作为网关,可以用来作统一验证,接上一篇博客,我们继续

前一篇,我们创建了OcelotGateway网关项目,DemoAAPI项目,DemoBAPI项目,为了验证用户并分发Token,现在还需要添加AuthenticationAPI项目,也是asp.net core web api项目,整体思路是,当用户首次请求(Request)时web服务,网关会判断本请求有无Token,并是否正确,如果没有或不正确,就会反回401 Unauthorized;如果请求调用登录,正确输入用户名或密码,AuthenticationAPI会验证并分发Token;当客户端带上Token再次访问web服务时,网关就会放过本请求,当请求到达web服务时,web服务要对本Token进行授权验证,如果有访问请求的地址,会成功返回应答,负责会提示没有权验,所以只要具有正确的Token,应答返回都是200 OK,因为Token正确,只是没有权限访问请求的内容。
下面创建最重要的一个项目Ocelot.JWTAuthorizePolicy,选.NET Standard的类库作为项目模板创建本项目,本项目的作用是为网关项目(OcelotGateway),web服务项目(DemoAAPI和DemoBAPI),和AuthenticationAPI提供注入JWT或自定义策略的API,关于自定义策略,可参考(http://www.cnblogs.com/axzxs2001/p/7530929.html)
本项目中的组成部分:
Permission.cs

 1 namespace Ocelot.JWTAuthorizePolicy
 2 {
 3 /// <summary>
 4 /// 用户或角色或其他凭据实体
 5 /// </summary>
 6 public class Permission
 7 {
 8 /// <summary>
 9 /// 用户或角色或其他凭据名称
10 /// </summary>
11 public virtual string Name
12 { get; set; }
13 /// <summary>
14 /// 请求Url
15 /// </summary>
16 public virtual string Url
17 { get; set; }
18 }
19 }

PermissionRequirement.cs

 1 using Microsoft.AspNetCore.Authorization;
 2 using Microsoft.IdentityModel.Tokens;
 3 using System;
 4 using System.Collections.Generic;
 5
 6 namespace Ocelot.JWTAuthorizePolicy
 7 {
 8 /// <summary>
 9 /// 必要参数类
10 /// </summary>
11 public class PermissionRequirement : IAuthorizationRequirement
12 {
13 /// <summary>
14 /// 无权限action
15 /// </summary>
16 public string DeniedAction { get; set; }
17
18 /// <summary>
19 /// 认证授权类型
20 /// </summary>
21 public string ClaimType { internal get; set; }
22 /// <summary>
23 /// 请求路径
24 /// </summary>
25 public string LoginPath { get; set; } = "/Api/Login";
26 /// <summary>
27 /// 发行人
28 /// </summary>
29 public string Issuer { get; set; }
30 /// <summary>
31 /// 订阅人
32 /// </summary>
33 public string Audience { get; set; }
34 /// <summary>
35 /// 过期时间
36 /// </summary>
37 public TimeSpan Expiration { get; set; }
38 /// <summary>
39 /// 签名验证
40 /// </summary>
41 public SigningCredentials SigningCredentials { get; set; }
42
43 /// <summary>
44 /// 构造
45 /// </summary>
46 /// <param name="deniedAction">无权限action</param>
47 /// <param name="userPermissions">用户权限集合</param>
48
49 /// <summary>
50 /// 构造
51 /// </summary>
52 /// <param name="deniedAction">拒约请求的url</param>
53 /// <param name="claimType">声明类型</param>
54 /// <param name="issuer">发行人</param>
55 /// <param name="audience">订阅人</param>
56 /// <param name="signingCredentials">签名验证实体</param>
57 public PermissionRequirement(string deniedAction, string claimType, string issuer, string audience, SigningCredentials signingCredentials, TimeSpan expiration)
58 {
59 ClaimType = claimType;
60 DeniedAction = deniedAction;
61 Issuer = issuer;
62 Audience = audience;
63 Expiration = expiration;
64 SigningCredentials = signingCredentials;
65 }
66 }
67 }

PermissionHandler.cs

 1 using Microsoft.AspNetCore.Authentication;
 2 using Microsoft.AspNetCore.Authentication.JwtBearer;
 3 using Microsoft.AspNetCore.Authorization;
 4 using Microsoft.Extensions.DependencyInjection;
 5 using System;
 6 using System.Collections.Generic;
 7 using System.Linq;
 8 using System.Security.Claims;
 9 using System.Threading.Tasks;
10
11 namespace Ocelot.JWTAuthorizePolicy
12 {
13 /// <summary>
14 /// 权限授权Handler
15 /// </summary>
16 public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
17 {
18 /// <summary>
19 /// 验证方案提供对象
20 /// </summary>
21 public IAuthenticationSchemeProvider Schemes { get; set; }
22 /// <summary>
23 /// 用户权限集合
24 /// </summary>
25 List<Permission> _permissions;
26 /// <summary>
27 /// 构造
28 /// </summary>
29 /// <param name="schemes"></param>
30 public PermissionHandler(IAuthenticationSchemeProvider schemes, List<Permission> permissions=null)
31 {
32 Schemes = schemes;
33 _permissions = permissions;
34 }
35
36 protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
37 {
38 //从AuthorizationHandlerContext转成HttpContext,以便取出表求信息
39 var httpContext = (context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext).HttpContext;
40 //请求Url
41 var questUrl = httpContext.Request.Path.Value.ToLower();
42 //判断请求是否停止
43 var handlers = httpContext.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
44 foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
45 {
46 var handler = await handlers.GetHandlerAsync(httpContext, scheme.Name) as IAuthenticationRequestHandler;
47 if (handler != null && await handler.HandleRequestAsync())
48 {
49 context.Fail();
50 return;
51 }
52 }
53 //判断请求是否拥有凭据,即有没有登录
54 var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
55 if (defaultAuthenticate != null)
56 {
57 var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
58 //result?.Principal不为空即登录成功
59 if (result?.Principal != null)
60 {
61 httpContext.User = result.Principal;
62 //权限中是否存在请求的url
63 if (_permissions!=null&&_permissions.GroupBy(g => g.Url).Where(w => w.Key.ToLower() == questUrl).Count() > 0)
64 {
65 var name = httpContext.User.Claims.SingleOrDefault(s => s.Type == requirement.ClaimType).Value;
66 //验证权限
67 if (_permissions.Where(w => w.Name == name && w.Url.ToLower() == questUrl).Count() == 0)
68 {
69 //无权限跳转到拒绝页面
70 httpContext.Response.Redirect(requirement.DeniedAction);
71 context.Succeed(requirement);
72 return;
73 }
74 }
75 //判断过期时间
76 if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) >= DateTime.Now)
77 {
78 context.Succeed(requirement);
79 }
80 else
81 {
82 context.Fail();
83 }
84 return;
85 }
86 }
87 //判断没有登录时,是否访问登录的url,并且是Post请求,并且是form表单提交类型,否则为失败
88 if (!questUrl.Equals(requirement.LoginPath.ToLower(), StringComparison.Ordinal) && (!httpContext.Request.Method.Equals("POST")
89 || !httpContext.Request.HasFormContentType))
90 {
91 context.Fail();
92 return;
93 }
94 context.Succeed(requirement);
95 }
96 }
97 }

JwtToken.cs

 1 using System;
 2 using System.IdentityModel.Tokens.Jwt;
 3 using System.Security.Claims;
 4
 5 namespace Ocelot.JWTAuthorizePolicy
 6 {
 7 /// <summary>
 8 /// JWTToken生成类
 9 /// </summary>
10 public class JwtToken
11 {
12 /// <summary>
13 /// 获取基于JWT的Token
14 /// </summary>
15 /// <param name="username"></param>
16 /// <returns></returns>
17 public static dynamic BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement)
18 {
19 var now = DateTime.UtcNow;
20 var jwt = new JwtSecurityToken(
21 issuer: permissionRequirement.Issuer,
22 audience: permissionRequirement.Audience,
23 claims: claims,
24 notBefore: now,
25 expires: now.Add(permissionRequirement.Expiration),
26 signingCredentials: permissionRequirement.SigningCredentials
27 );
28 var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
29 var responseJson = new
30 {
31 Status = true,
32 access_token = encodedJwt,
33 expires_in = permissionRequirement.Expiration.TotalMilliseconds,
34 token_type = "Bearer"
35 };
36 return responseJson;
37 }
38 }
39 }

OcelotJwtBearerExtension.cs,本类型中的方法分别用于网关,web服务,和验证服务,请参看注释

  1 using Microsoft.AspNetCore.Authentication;
  2 using Microsoft.AspNetCore.Authorization;
  3 using Microsoft.Extensions.DependencyInjection;
  4 using Microsoft.IdentityModel.Tokens;
  5 using System;
  6 using System.Collections.Generic;
  7 using System.Security.Claims;
  8 using System.Text;
  9
 10 namespace Ocelot.JWTAuthorizePolicy
 11 {
 12 /// <summary>
 13 /// Ocelot下JwtBearer扩展
 14 /// </summary>
 15 public static class OcelotJwtBearerExtension
 16 {
 17 /// <summary>
 18 /// 注入Ocelot下JwtBearer,在ocelot网关的Startup的ConfigureServices中调用
 19 /// </summary>
 20 /// <param name="services">IServiceCollection</param>
 21 /// <param name="issuer">发行人</param>
 22 /// <param name="audience">订阅人</param>
 23 /// <param name="secret">密钥</param>
 24 /// <param name="defaultScheme">默认架构</param>
 25 /// <param name="isHttps">是否https</param>
 26 /// <returns></returns>
 27 public static AuthenticationBuilder AddOcelotJwtBearer(this IServiceCollection services, string issuer, string audience, string secret, string defaultScheme, bool isHttps = false)
 28 {
 29 var keyByteArray = Encoding.ASCII.GetBytes(secret);
 30 var signingKey = new SymmetricSecurityKey(keyByteArray);
 31 var tokenValidationParameters = new TokenValidationParameters
 32 {
 33 ValidateIssuerSigningKey = true,
 34 IssuerSigningKey = signingKey,
 35 ValidateIssuer = true,
 36 ValidIssuer = issuer,//发行人
 37 ValidateAudience = true,
 38 ValidAudience = audience,//订阅人
 39 ValidateLifetime = true,
 40 ClockSkew = TimeSpan.Zero,
 41 RequireExpirationTime = true,
 42 };
 43 return services.AddAuthentication(options =>
 44 {
 45 options.DefaultScheme = defaultScheme;
 46 })
 47 .AddJwtBearer(defaultScheme, opt =>
 48 {
 49 //不使用https
 50 opt.RequireHttpsMetadata = isHttps;
 51 opt.TokenValidationParameters = tokenValidationParameters;
 52 });
 53 }
 54
 55 /// <summary>
 56 /// 注入Ocelot jwt策略,在业务API应用中的Startup的ConfigureServices调用
 57 /// </summary>
 58 /// <param name="services">IServiceCollection</param>
 59 /// <param name="issuer">发行人</param>
 60 /// <param name="audience">订阅人</param>
 61 /// <param name="secret">密钥</param>
 62 /// <param name="defaultScheme">默认架构</param>
 63 /// <param name="policyName">自定义策略名称</param>
 64 /// <param name="deniedUrl">拒绝路由</param>
 65 /// <param name="isHttps">是否https</param>
 66 /// <returns></returns>
 67 public static AuthenticationBuilder AddOcelotPolicyJwtBearer(this IServiceCollection services, string issuer, string audience, string secret, string defaultScheme, string policyName, string deniedUrl, bool isHttps = false)
 68 {
 69
 70 var keyByteArray = Encoding.ASCII.GetBytes(secret);
 71 var signingKey = new SymmetricSecurityKey(keyByteArray);
 72 var tokenValidationParameters = new TokenValidationParameters
 73 {
 74 ValidateIssuerSigningKey = true,
 75 IssuerSigningKey = signingKey,
 76 ValidateIssuer = true,
 77 ValidIssuer = issuer,//发行人
 78 ValidateAudience = true,
 79 ValidAudience = audience,//订阅人
 80 ValidateLifetime = true,
 81 ClockSkew = TimeSpan.Zero,
 82 RequireExpirationTime = true,
 83
 84 };
 85 var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
 86 //如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名
 87 var permissionRequirement = new PermissionRequirement(
 88 deniedUrl,
 89 ClaimTypes.Role,
 90 issuer,
 91 audience,
 92 signingCredentials,
 93 expiration: TimeSpan.FromHours(10)
 94 );
 95 //注入授权Handler
 96 services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
 97 services.AddSingleton(permissionRequirement);
 98 return services.AddAuthorization(options =>
 99 {
100 options.AddPolicy(policyName,
101 policy => policy.Requirements.Add(permissionRequirement));
102
103 })
104 .AddAuthentication(options =>
105 {
106 options.DefaultScheme = defaultScheme;
107 })
108 .AddJwtBearer(defaultScheme, o =>
109 {
110 //不使用https
111 o.RequireHttpsMetadata = isHttps;
112 o.TokenValidationParameters = tokenValidationParameters;
113 });
114 }
115 /// <summary>
116 /// 注入Token生成器参数,在token生成项目的Startup的ConfigureServices中使用
117 /// </summary>
118 /// <param name="services">IServiceCollection</param>
119 /// <param name="issuer">发行人</param>
120 /// <param name="audience">订阅人</param>
121 /// <param name="secret">密钥</param>
122 /// <param name="deniedUrl">拒绝路由</param>
123 /// <returns></returns>
124 public static IServiceCollection AddJTokenBuild(this IServiceCollection services, string issuer, string audience, string secret, string deniedUrl)
125 {
126 var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)), SecurityAlgorithms.HmacSha256);
127 //如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名
128 var permissionRequirement = new PermissionRequirement(
129 deniedUrl,
130 ClaimTypes.Role,
131 issuer,
132 audience,
133 signingCredentials,
134 expiration: TimeSpan.FromHours(10)
135 );
136 return services.AddSingleton(permissionRequirement);
137
138 }
139
140 }
141 }

接下来看AuthenticationAPI项目:

appsettings.json

{
"Logging": {
"IncludeScopes": false,
"Debug": {
"LogLevel": {
"Default": "Information"
}
},
"Console": {
"LogLevel": {
"Default": "Information"
}
}
},
"Audience": {
"Secret": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"Issuer": "gsw",
"Audience": "everone"
}
}

Startup.cs

 1 using Microsoft.AspNetCore.Builder;
 2 using Microsoft.AspNetCore.Hosting;
 3 using Microsoft.Extensions.Configuration;
 4 using Microsoft.Extensions.DependencyInjection;
 5 using Ocelot.JWTAuthorizePolicy;
 6
 7 namespace AuthenticationAPI
 8 {
 9 public class Startup
10 {
11 public Startup(IConfiguration configuration)
12 {
13 Configuration = configuration;
14 }
15 public IConfiguration Configuration { get; }
16 public void ConfigureServices(IServiceCollection services)
17 {
18 var audienceConfig = Configuration.GetSection("Audience");
19 //注入OcelotJwtBearer
20 services.AddJTokenBuild(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "/api/denied");
21 services.AddMvc();
22 }
23 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
24 {
25 if (env.IsDevelopment())
26 {
27 app.UseDeveloperExceptionPage();
28 }
29 app.UseMvc();
30 }
31 }
32 }

PermissionController.cs

 1 using System;
 2 using Microsoft.AspNetCore.Mvc;
 3 using Microsoft.AspNetCore.Authorization;
 4 using System.Security.Claims;
 5 using Microsoft.AspNetCore.Authentication.JwtBearer;
 6 using Ocelot.JWTAuthorizePolicy;
 7
 8 namespace AuthenticationAPI
 9 {
10 public class PermissionController : Controller
11 {
12 /// <summary>
13 /// 自定义策略参数
14 /// </summary>
15 PermissionRequirement _requirement;
16 public PermissionController(PermissionRequirement requirement)
17 {
18 _requirement = requirement;
19 }
20 [AllowAnonymous]
21 [HttpPost("/authapi/login")]
22 public IActionResult Login(string username, string password)
23 {
24 var isValidated = (username == "gsw" && password == "111111")|| (username == "ggg" && password == "222222");
25 var role=username=="gsw"?"admin" :"system";
26 if (!isValidated)
27 {
28 return new JsonResult(new
29 {
30 Status = false,
31 Message = "认证失败"
32 });
33 }
34 else
35 {
36 //如果是基于用户的授权策略,这里要添加用户;如果是基于角色的授权策略,这里要添加角色
37 var claims = new Claim[] { new Claim(ClaimTypes.Name, username), new Claim(ClaimTypes.Role, role), new Claim(ClaimTypes.Expiration ,DateTime.Now.AddSeconds(_requirement.Expiration.TotalSeconds).ToString())};
38 //用户标识
39 var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
40 identity.AddClaims(claims);
41
42 var token = JwtToken.BuildJwtToken(claims, _requirement);
43 return new JsonResult(token);
44 }
45 }
46 }
47 }

DemoAAPI项目,DemoBAPI项目类似

appsettings.json与网关,AuthenticationAPI相同
Startup.cs

 1 using System.Collections.Generic;
 2 using Microsoft.AspNetCore.Builder;
 3 using Microsoft.AspNetCore.Hosting;
 4 using Microsoft.Extensions.Configuration;
 5 using Microsoft.Extensions.DependencyInjection;
 6 using Microsoft.Extensions.Logging;
 7 using Ocelot.JWTAuthorizePolicy;
 8
 9 namespace DemoAAPI
10 {
11 public class Startup
12 {
13 public Startup(IConfiguration configuration)
14 {
15 Configuration = configuration;
16 }
17 public IConfiguration Configuration { get; }
18 public void ConfigureServices(IServiceCollection services)
19 {
20 //读取配置文件
21 var audienceConfig = Configuration.GetSection("Audience");
22 services.AddOcelotPolicyJwtBearer(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "GSWBearer", "Permission", "/demoaapi/denied");
23
24 //这个集合模拟用户权限表,可从数据库中查询出来
25 var permission = new List<Permission> {
26 new Permission { Url="/demoaapi/values", Name="system"},
27 new Permission { Url="/", Name="system"}
28 };
29 services.AddSingleton(permission);
30 services.AddMvc();
31 }
32 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
33 {
34 loggerFactory.AddConsole(Configuration.GetSection("Logging"));
35 if (env.IsDevelopment())
36 {
37 app.UseDeveloperExceptionPage();
38 }
39 app.UseMvc();
40 }
41 }
42 }

ValuesController.cs

 1 using System.Collections.Generic;
 2 using Microsoft.AspNetCore.Authorization;
 3 using Microsoft.AspNetCore.Mvc;
 4
 5 namespace DemoAAPI.Controllers
 6 {
 7 [Authorize("Permission")]
 8 [Route("demoaapi/[controller]")]
 9 public class ValuesController : Controller
10 {
11 [HttpGet]
12 public IEnumerable<string> Get()
13 {
14 return new string[] { "DemoA服务", "请求" };
15 }
16 [AllowAnonymous]
17 [HttpGet("/demoaapi/denied")]
18 public IActionResult Denied()
19 {
20 return new JsonResult(new
21 {
22 Status = false,
23 Message = "demoaapi你无权限访问"
24 });
25 }
26 }
27 }

OcelotGateway项目

configuration.json,注意每个连接的AuthenticationOptions. AuthenticationProviderKey,要设置成

{
"ReRoutes": [
{
"DownstreamPathTemplate": "/demoaapi/values",
"DownstreamScheme": "http",
"DownstreamPort": 5001,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demoaapi/values",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"HttpHandlerOptions": {
"AllowAutoRedirect": false,
"UseCookieContainer": false
},
"AuthenticationOptions": {
"AuthenticationProviderKey": "GSWBearer",
"AllowedScopes": []
}
},
{
"DownstreamPathTemplate": "/demoaapi/denied",
"DownstreamScheme": "http",
"DownstreamPort": 5001,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demoaapi/denied",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
},
{
"DownstreamPathTemplate": "/demobapi/values",
"DownstreamScheme": "http",
"DownstreamPort": 5002,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demobapi/values",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"HttpHandlerOptions": {
"AllowAutoRedirect": false,
"UseCookieContainer": false
},
"AuthenticationOptions": {
"AuthenticationProviderKey": "GSWBearer",
"AllowedScopes": []
}
},
{
"DownstreamPathTemplate": "/demobapi/denied",
"DownstreamScheme": "http",
"DownstreamPort": 5002,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/demobapi/denied",
"UpstreamHttpMethod": [ "Get" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
},
{
"DownstreamPathTemplate": "/authapi/login",
"DownstreamScheme": "http",
"DownstreamPort": 5003,
"DownstreamHost": "localhost",
"UpstreamPathTemplate": "/authapi/login",
"UpstreamHttpMethod": [ "Get", "Post" ],
"QoSOptions": {
"ExceptionsAllowedBeforeBreaking": 3,
"DurationOfBreak": 10,
"TimeoutValue": 5000
},
"AuthenticationOptions": {
}
}
]
}

Startup.cs

 1 using Microsoft.AspNetCore.Builder;
 2 using Microsoft.AspNetCore.Hosting;
 3 using Microsoft.Extensions.Configuration;
 4 using Microsoft.Extensions.DependencyInjection;
 5 using Ocelot.DependencyInjection;
 6 using Ocelot.Middleware;
 7 using Ocelot.JWTAuthorizePolicy;
 8 namespace OcelotGateway
 9 {
10 public class Startup
11 {
12 public Startup(IConfiguration configuration)
13 {
14 Configuration = configuration;
15 }
16 public IConfiguration Configuration { get; }
17 public void ConfigureServices(IServiceCollection services)
18 {
19 var audienceConfig = Configuration.GetSection("Audience");
20 //注入OcelotJwtBearer
21 services.AddOcelotJwtBearer(audienceConfig["Issuer"], audienceConfig["Issuer"], audienceConfig["Secret"], "GSWBearer");
22 //注入配置文件,AddOcelot要求参数是IConfigurationRoot类型,所以要作个转换
23 services.AddOcelot(Configuration as ConfigurationRoot);
24 }
25 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
26 {
27 app.UseOcelot().Wait();
28 }
29 }
30 }

接下来是测试项目,创建一个控制项目TestClient

Nuget中添加RestSharp包
Program.cs

  1 using RestSharp;
  2 using System;
  3 using System.Diagnostics;
  4
  5 namespace TestClient
  6 {
  7 class Program
  8 {
  9 /// <summary>
 10 /// 访问Url
 11 /// </summary>
 12 static string _url = "http://127.0.0.1:5000";
 13 static void Main(string[] args)
 14 {
 15
 16 Console.Title = "TestClient";
 17 dynamic token = null;
 18 while (true)
 19 {
 20 Console.WriteLine("1、登录【admin】 2、登录【system】 3、登录【错误用户名密码】 4、查询HisUser数据 5、查询LisUser数据 ");
 21 var mark = Console.ReadLine();
 22 var stopwatch = new Stopwatch();
 23 stopwatch.Start();
 24 switch (mark)
 25 {
 26 case "1":
 27 token = AdminLogin();
 28 break;
 29 case "2":
 30 token = SystemLogin();
 31 break;
 32 case "3":
 33 token = NullLogin();
 34 break;
 35 case "4":
 36 DemoAAPI(token);
 37 break;
 38 case "5":
 39 DemoBAPI(token);
 40 break;
 41 }
 42 stopwatch.Stop();
 43 TimeSpan timespan = stopwatch.Elapsed;
 44 Console.WriteLine($"间隔时间:{timespan.TotalSeconds}");
 45 tokenString = "Bearer " + Convert.ToString(token?.access_token);
 46 }
 47 }
 48 static string tokenString = "";
 49 static dynamic NullLogin()
 50 {
 51 var loginClient = new RestClient(_url);
 52 var loginRequest = new RestRequest("/authapi/login", Method.POST);
 53 loginRequest.AddParameter("username", "gswaa");
 54 loginRequest.AddParameter("password", "111111");
 55 //或用用户名密码查询对应角色
 56 loginRequest.AddParameter("role", "system");
 57 IRestResponse loginResponse = loginClient.Execute(loginRequest);
 58 var loginContent = loginResponse.Content;
 59 Console.WriteLine(loginContent);
 60 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent);
 61 }
 62
 63 static dynamic SystemLogin()
 64 {
 65 var loginClient = new RestClient(_url);
 66 var loginRequest = new RestRequest("/authapi/login", Method.POST);
 67 loginRequest.AddParameter("username", "ggg");
 68 loginRequest.AddParameter("password", "222222");
 69 IRestResponse loginResponse = loginClient.Execute(loginRequest);
 70 var loginContent = loginResponse.Content;
 71 Console.WriteLine(loginContent);
 72 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent);
 73 }
 74 static dynamic AdminLogin()
 75 {
 76 var loginClient = new RestClient(_url);
 77 var loginRequest = new RestRequest("/authapi/login", Method.POST);
 78 loginRequest.AddParameter("username", "gsw");
 79 loginRequest.AddParameter("password", "111111");
 80 IRestResponse loginResponse = loginClient.Execute(loginRequest);
 81 var loginContent = loginResponse.Content;
 82 Console.WriteLine(loginContent);
 83 return Newtonsoft.Json.JsonConvert.DeserializeObject(loginContent);
 84 }
 85 static void DemoAAPI(dynamic token)
 86 {
 87 var client = new RestClient(_url);
 88 //这里要在获取的令牌字符串前加Bearer
 89 string tk = "Bearer " + Convert.ToString(token?.access_token);
 90 client.AddDefaultHeader("Authorization", tk);
 91 var request = new RestRequest("/demoaapi/values", Method.GET);
 92 IRestResponse response = client.Execute(request);
 93 var content = response.Content;
 94 Console.WriteLine($"状态码:{(int)response.StatusCode} 状态信息:{response.StatusCode} 返回结果:{content}");
 95 }
 96 static void DemoBAPI(dynamic token)
 97 {
 98 var client = new RestClient(_url);
 99 //这里要在获取的令牌字符串前加Bearer
100 string tk = "Bearer " + Convert.ToString(token?.access_token);
101 client.AddDefaultHeader("Authorization", tk);
102 var request = new RestRequest("/demobapi/values", Method.GET);
103 IRestResponse response = client.Execute(request);
104 var content = response.Content; Console.WriteLine($"状态码:{(int)response.StatusCode} 状态信息:{response.StatusCode} 返回结果:{content}");
105 }
106 }
107 }

代码下载

时间: 2024-10-16 07:53:52

Ocelot统一权限验证的相关文章

squash相关权限验证

实验3squash相关权限验证 实验环境 在虚拟机Linux 6.5系统下需要2台Linux系统一台A作为服务端一条B作为测试客户端开启2台Linux系统. 实验目标 A作为服务端配置NFS服务器设置squash相关权限. B作为测试客户端验证服务器A的共享是否有效. 实验步骤 1.  首先将A,B放到同一网段中为了以后实验方便配置永久起效的静态IP地址验证AB能否通信.接着上步实验做这里不做过多涉及. 2.  创建一个共享目录/public并设置完全权限. [[email protected]

2_MVC+EF+Autofac(dbfirst)轻型项目框架_用户权限验证

前言 接上面两篇 0_MVC+EF+Autofac(dbfirst)轻型项目框架_基本框架 与 1_MVC+EF+Autofac(dbfirst)轻型项目框架_core层(以登陆为例) .在第一篇中介绍了此架构的基本分层,在第二篇中,以登陆功能为例,介绍了项目的代码结构.在本篇中将通过过滤器实现用户权限验证功能. 同样,文中有问题的地方欢迎批评指正!谢谢! 开发背景  在一个常规系统中权限验证是不可缺的,在较简单的系统中,用户只会被简单归为登陆用户和游客,而在较为复杂的系统中,除了判断用户是否登

Action权限验证

1 Action添加特性 [PermissionFilterForJson(Name = "AdvertiserId", ActionName = EaActionNames.广告主相关_广告主上线,Type = (int) EaEnum.LoginType.Advertiser)] public JsonResult AdvertiserEffect(ExEaAdvertiserModel model) { MessageInfo msg = _eaAdvertiserAuditBu

【ASP.NET】ASP.NET中权限验证使用OnAuthorization实现

在项目开发中,通常我们都会涉及到用户登录才能访问的网页,比如购物网站,我们浏览商品,添加购物车(以前开发的时候在这里就需要登录用户,但是现在有了缓存的实现,这里可以将商品加入缓存,等到结账的时候再登录),选择结账的时候需要登录,那么这时候我们需要跳转到登录页面登录,登录之后还可以回到记录下来的原始的页面,那么这之后我们有好几种方法可以实现这种效果,下面笔者举例两种: 第一种:登录模块不管怎么样都是统一的,就是在每个需要登录的方法里面判断用户是否登录,如果没有登录,则跳转登录,这种的缺点是工作量大

[Abp 源码分析]十二、多租户体系与权限验证

0.简介 承接上篇文章我们会在这篇文章详细解说一下 Abp 是如何结合 IPermissionChecker 与 IFeatureChecker 来实现一个完整的多租户系统的权限校验的. 1.多租户的概念 多租户系统又被称之为 Saas ,比如阿里云就是一个典型的多租户系统,用户本身就是一个租户,可以在上面购买自己的 ECS 实例,并且自己的数据与其他使用者(租户)所隔绝,两者的数据都是不可见的. 那么 Abp 是如何实现数据隔离的呢? 1.1 单部署-单数据库 如果你的软件系统仅部署一个实例,

PHP.48-TP框架商城应用实例-后台23-权限管理-权限验证

权限验证 1.登录控制器 2.通过tp验证码类生成验证码图片 3.在管理员模型增加登录验证规则 4.后台中所有的控制器必须先登录才能访问 思路:在访问任何一个控制器之前都判断一个session即可,=>增加一个父控制器验证Session 让所有后台的控制器[除了Login控制器之外的]都继承自这个控制器 5.在管理员访问后台的任何一个页面之前先到数据库中查看当前管理员所在的角色是否有权限访问这个页面 在权限模型中增加此检查方法,在父类登录控制器中调用 6.后台左侧只显示当前管理员有权限访问的按钮

【3】.net MVC 使用IPrincipal进行Form登录即权限验证

1.在MVC项目中添加用户类,可以根据实际项目需求添加必要属性 public class UserData { /// <summary> /// ID /// </summary> public int UserId { get; set; } /// <summary> /// 用户名 /// </summary> public string UserName { get; set; } /// <summary> /// 角色ID列表 //

App登陆java后台处理和用户权限验证

最近做一个app项目,后台我独自一人开发,开发任务顺序安排上没有把登陆,注册和权限验证这些基本功能放在第一阶段开发,现在是部分业务相关功能已经完成,但是用户入口竟然还没有,只能说明当初需求分析的时候还是太过于着急了,把最基本的用户入口给放到后面了. 现在就需要在现有代码的基础上添加用户登录和权限验证功能. 关于登录和权限验证方面,参照以前做iOS的开发经验,App端提供用户名和密码换取token,每次通过换取的token请求需要登陆权限的操作. 现在反过来,我就需要考虑下面几个问题: 1.在现有

SpringMVC+Apache Shiro+JPA(hibernate)案例教学(二)基于SpringMVC+Shiro的用户登录权限验证

序: 在上一篇中,咱们已经对于项目已经做了基本的配置,这一篇文章开始学习Shiro如何对登录进行验证. 教学: 一.Shiro配置的简要说明. 有心人可能注意到了,在上一章的applicationContext.xml配置文件中,包含以下配置. <!-- 項目自定义的Realm --> <bean id="shiroDbRealm" class="org.shiro.demo.service.realm.ShiroDbRealm" ><