我在 docker 容器中收到以下错误。我正在尝试使用 ocelot 和身份服务器身份验证创建 api 网关。
message: Client has NOT been authenticated for {api-path} and pipeline error set. Request for authenticated route {api-path} by was unauthenticated
Error Code: UnauthenticatedError Message: Request for authenticated route {api-path} by was unauthenticated errors found in ResponderMiddleware. Setting error response for request path:{api-path}, request method: GET
我可以看到那里的客户名称为空,但不知道为什么会这样。
下面是我的api网关中的代码
IdentityModelEventSource.ShowPII = true;
var authenticationProviderKey = "IdentityApiKey";
services.AddAuthentication().AddJwtBearer(authenticationProviderKey, x =>
{
x.Authority = "http://identityserver";
x.RequireHttpsMetadata = false;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
});
Ocelot-config.json //添加认证参数
"AuthenticationOptions": {
"AuthenticationProviderKey": "IdentityApiKey",
"AllowedScopes": [ "AdminService" ]
},
我的微服务中的代码
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("Bearer").AddJwtBearer("Bearer", options =>
{
options.Authority = "http://identityserver";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
});
........
}
public void Configure(...)
{
....
app.UseAuthentication();
app.UseAuthorization();
....
}
身份服务器中的我的 IdentityConfig
public class IdentityConfig
{
public static IEnumerable<Client> Clients => new Client[]
{
new Client
{
ClientId = "Consumer_01",
ClientName = "Consumer_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Consumer01".Sha256()) },
AllowedScopes = new List<String> { "consumerservice" }
},
new Client
{
ClientId = "Consumer_02",
ClientName = "Consumer_02",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Consumer02".Sha256()) },
AllowedScopes = new List<String> { "consumerservice" }
},
new Client
{
ClientId = "Provider_01",
ClientName = "Provider_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider01".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_02",
ClientName = "Provider_02",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider02".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_03",
ClientName = "Provider_03",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider03".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Provider_04",
ClientName = "Provider_04",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Provider04".Sha256()) },
AllowedScopes = new List<String> { "providerservice" }
},
new Client
{
ClientId = "Admin_01",
ClientName = "Admin_01",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> { new Secret("Admin01".Sha256()) },
AllowedScopes = new List<String> { "AdminService" }
}
};
public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
{
new ApiScope("consumerservice", "Consumer Service"),
new ApiScope("providerservice", "Provider Service"),
new ApiScope("AdminService", "AdminService")
};
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new[]
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource
{
Name = "admin",
UserClaims = new List<string> {"admin"}
}
};
}
public static IEnumerable<ApiResource> GetApiResources()
{
return new[]
{
new ApiResource
{
}
};
}
public static List<TestUser> TestUsers()
{
return new List<TestUser> {
new TestUser {
}
};
}
}
IdentityServer 启动
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true;
services.AddIdentityServer()
.AddInMemoryClients(IdentityConfig.Clients)
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityConfig.GetApiResources())
.AddInMemoryApiScopes(IdentityConfig.ApiScopes)
.AddTestUsers(IdentityConfig.TestUsers())
.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
endpoints.MapGet("/", async context =>
{
await context.Response.WriteAsync("Hello World!");
});
});
}
我尝试了很多东西,但似乎没有任何效果。我只收到 401 错误。
不确定我是否清楚,但如果您有任何疑问,请帮忙。谢谢。