
Blazor .NET 8 Microservices 2 Blazor Client Ocelot Gateway and Securing API with Duende Identity Server

Part 1: Demonstrates ASP.NET Core Web API, Blazor Web App and Securing API with Duende Identity Server

Part 2: Demonstrates Ocelot Gateway in a Blazor .NET 8 application.


Projects
| Project Name | Port | Template |
| --- | --- | --- |
| Microser.IdS | 5001 | Duende IdentityServer with Entity Framework Stores (Duende Software) |
| Microser.API.Weather | 6001 | ASP.NET Core Web API |
| Microser.ApiGateway | 6501 | ASP.NET Core Empty |
| Microser.BlazorAppClient | 7001 | Blazor Web App |

Microser.ApiGateway - Ocelot Gateway Project

Ocelot is a lightweight API Gateway that sits in front of your microservices architecture, providing features like routing, load balancing, authentication, and more. By setting up the Ocelot middleware, adding authentication services, and loading the Ocelot configuration, developers can create a robust API Gateway for their applications. Understanding and implementing Ocelot in your projects can enhance security, scalability, and routing capabilities.

Program.cs

using Microsoft.IdentityModel.Tokens;
using Ocelot.DependencyInjection;
using Ocelot.Middleware;

internal class Program
{
    private static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        builder.Configuration.AddJsonFile("ocelot.json", optional: false, reloadOnChange: true);

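        // Scheme name; each route's AuthenticationProviderKey in ocelot.json must match it.
        var authenticationProviderKey = "IdentityApiKey";

        builder.Services.AddAuthentication()
        .AddJwtBearer(authenticationProviderKey, x =>
        {
            // Duende IdentityServer (Microser.IdS) issues and signs the tokens.
            x.Authority = "https://localhost:5001";
            x.TokenValidationParameters = new TokenValidationParameters
            {
                // The aud claim is not checked: any unexpired token issued by the
                // authority above passes authentication at the gateway.
                ValidateAudience = false
            };
        });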

        builder.Services.AddOcelot(builder.Configuration);

        var app = builder.Build();

        app.UseOcelot().Wait();

        app.Run();
    }
}

Program.cs sets up the Ocelot middleware, registers a JWT Bearer authentication scheme under the key IdentityApiKey, and loads the Ocelot configuration from the ocelot.json file.

ocelot.json

{
  "Routes": [
    {
      "DownstreamPathTemplate": "/api/weatherforecast",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 6001
        }
      ],
      "UpstreamPathTemplate": "/weatherforecast",
      "UpstreamHttpMethod": [ "GET", "POST" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "IdentityApiKey",
        "AllowedScopes": []
      }
    },
    {
      "DownstreamPathTemplate": "/api/weatherforecast/{id}",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 6001
        }
      ],
      "UpstreamPathTemplate": "/weatherforecast/{id}",
      "UpstreamHttpMethod": [ "GET", "PUT", "DELETE" ],
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "IdentityApiKey",
        "AllowedScopes": []
      }
    }
  ]
}

The provided JSON snippet represents the configuration for two routes in the Ocelot Gateway. Each route defines how requests are handled and secured when interacting with the downstream service.

Routes: Define the mapping between upstream and downstream paths along with associated configurations.
DownstreamPathTemplate: Specifies the path template of the downstream service.
DownstreamScheme: Indicates the scheme (HTTP/HTTPS) of the downstream service.
DownstreamHostAndPorts: Specifies the host and port of the downstream service.
UpstreamPathTemplate: Defines the path template of the upstream request.
UpstreamHttpMethod: Specifies the HTTP methods allowed for the upstream path.
AuthenticationOptions: Contains settings related to authentication and authorization.
AuthenticationProviderKey: Identifies the authentication provider to be used.
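AllowedScopes: Lists the scopes allowed for accessing the route. When the list is empty, as in both routes above, Ocelot performs no scope check and any token that passes authentication is accepted.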

The configuration above shows how routes are defined so that the gateway only forwards requests that carry a token issued by Duende Identity Server. Path mappings, permitted HTTP methods and authentication settings are declared per route, which puts control over API access in one place within a microservices architecture.
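
Both routes on this page leave AllowedScopes empty, so Ocelot skips the scope check and the PUT and DELETE routes are open to any token the gateway authenticates. The script below is an added example, not part of the original project: it audits the per-route keys shown on this page and reports routes with no authentication or no scope check. The third sample route and the scope name "weather.read" are hypothetical.

```python
import json

# HTTP methods that change state; listed per finding so reviewers can prioritise.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def audit_routes(config):
    """Return a finding for every route that does not restrict who may call it."""
    findings = []
    for route in config.get("Routes", []):
        auth = route.get("AuthenticationOptions") or {}
        if not auth.get("AuthenticationProviderKey"):
            issue = "no-authentication"   # Ocelot forwards without asking for a token
        elif not auth.get("AllowedScopes"):
            issue = "no-scope-check"      # any token that authenticates is accepted
        else:
            continue
        # Ocelot treats an empty UpstreamHttpMethod list as "all methods".
        methods = {m.upper() for m in route.get("UpstreamHttpMethod", [])} or WRITE_METHODS
        findings.append({
            "path": route.get("UpstreamPathTemplate", "<missing>"),
            "issue": issue,
            "write_methods": sorted(methods & WRITE_METHODS),
        })
    return findings

# Constructed sample: the page's two routes, trimmed to the audited keys, plus a
# hypothetical third route that restricts access to the made-up scope "weather.read".
SAMPLE = json.loads("""
{
  "Routes": [
    { "UpstreamPathTemplate": "/weatherforecast",
      "UpstreamHttpMethod": [ "GET", "POST" ],
      "AuthenticationOptions": { "AuthenticationProviderKey": "IdentityApiKey", "AllowedScopes": [] } },
    { "UpstreamPathTemplate": "/weatherforecast/{id}",
      "UpstreamHttpMethod": [ "GET", "PUT", "DELETE" ],
      "AuthenticationOptions": { "AuthenticationProviderKey": "IdentityApiKey", "AllowedScopes": [] } },
    { "UpstreamPathTemplate": "/weatherforecast/summary",
      "UpstreamHttpMethod": [ "GET" ],
      "AuthenticationOptions": { "AuthenticationProviderKey": "IdentityApiKey",
                                 "AllowedScopes": [ "weather.read" ] } }
  ]
}
""")

if __name__ == "__main__":
    for f in audit_routes(SAMPLE):
        writes = ", ".join(f["write_methods"]) or "none"
        print(f"{f['path']}: {f['issue']} (write methods: {writes})")
```

Run against the real ocelot.json in CI, a non-empty result can fail the build before an unscoped route is deployed.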

Source

Full source code is available at this repository in GitHub:
https://github.com/akifmt/DotNetCoding/tree/main/src/Microser