我正在尝试在 Api 网关中设置 Ocelot,但我被困在授权上。我已经设法设置了声明,并且可以在我的控制器中对它们进行授权。我向这样的用户添加声明:
await userManager.AddClaimAsync(user, new Claim(ClaimTypes.Role, configuration["InitialAdmin:Role"]));
然后我使用以下配置设置 Ocelot:
{
"ReRoutes": [
{
"DownstreamPathTemplate": "/api/home/user",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 5001
}
],
"UpstreamPathTemplate": "/api/home/user",
"RouteClaimsRequirement": {
"Role": "user"
}
},
{
"DownstreamPathTemplate": "/api/home/admin",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 5001
}
],
"UpstreamPathTemplate": "/api/home/admin",
"RouteClaimsRequirement": {
"Role": "SuperAdmin"
}
}
],
"GlobalConfiguration": {
"BaseUrl": "https://localhost:5000"
}
}
这是我的 ConfigureServices 方法:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddIdentity<CondatoUser, IdentityRole>(options =>
{
//Signin config
options.SignIn.RequireConfirmedEmail = true;
//Password config
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
//User config
options.User.RequireUniqueEmail = true;
})
.AddDefaultUI()
.AddEntityFrameworkStores<UserManagementDbContext>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddOcelot(Configuration);
}
然后我登录到这个网关 Api(它是一个 MVC 项目,具有用于登录/注册/等的默认 UI)并尝试访问以下 URL:
https://localhost:5000/api/home/admin
但是,我总是得到 403 状态。当我删除RouteClaimsRequirement时,它可以工作。所以我想我遗漏了一些东西,但我不知道文档RouteClaimsRequirement有点稀疏。
有人可以帮我吗?谢谢。