简介
主要是采用identity Server4 和ocelot 加上consul 实现简单的客户端模式
开发准备
环境准备
- 下载并安装Consul具体请参考前几篇的内容
项目介绍
- 创建ocelotServerTest项目
- 创建IdentityServer4Test项目
- 创建consulServer项目(API项目)
1.创建Consulserver项目
参考该地址进行创建:微服务(入门二):netcore通过consul注册服务
2.创建identityServer项目
参考该地址进行创建:微服务(入门四):identityServer的简单使用(客户端授权)
3.创建ocelotServerTest项目
3.1创建一个webAPI项目
3.2 修改startUP配置,添加authentication认证
using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using IdentityServer4.AccessTokenValidation; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.HttpsPolicy; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using netCore; using Ocelot.DependencyInjection; using Ocelot.Middleware; using Ocelot.Provider.Consul; using Ocelot.Provider.Polly; namespace IdentityServer4Test { public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)//添加认证 .AddIdentityServerAuthentication("TestKey", o => { o.Authority = "http://127.0.0.1:3322";//要认证的服务器地址 o.RequireHttpsMetadata = false;//不启用https o.ApiName = "api1";//要认证的服务名称 }); services.AddOcelot(Configuration).AddConsul().AddPolly(); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseHsts(); } app.UseMvc(); app.UseOcelot().Wait(); app.UseAuthentication(); } } }
3.3创建ocelot.json文件并且添加AuthenticationOptions
"AuthenticationOptions": { "AuthenticationProviderKey": "TestKey", "AllowedScopes": [] }
{ "ReRoutes": [ { //下游路由模板,真实请求的路径 "DownstreamPathTemplate": "/api/{everything}", //请求的方式,例如:http,https "DownstreamScheme": "http", //服务器名称 "ServiceName": "zyz1", //启用consul服务 "UseServiceDiscovery": true, //服务熔断 "QoSOptions": { "ExceptionsAllowedBeforeBreaking": 3, //允许多少次异常请求 "DurationOfBreak": 5, //熔断时间,单位为秒 "TimeoutValue": 5000 //如果下游请求的处理时间超过多少则自动设置超时 }, //"RateLimitOptions": { // "ClientWhitelist": [ "admin" ], // 白名单 // "EnableRateLimiting": true, // 是否启用限流 // "