9

我使用 ocelot 作为我的微服务的 API 网关,使用 IdentityServer4 进行身份验证。在 ocelot 配置文件中,我添加了“AuthenticationOptions”并设置了 api 密钥。在启动中,我添加了身份服务器。在身份服务器中,我使用标头中的值来动态构建连接字符串。当我发送获取令牌的请求时,可以在身份服务中访问标头。但是当我使用令牌发送下一个请求时,原始标头不可用。在身份服务中只能看到“主机”标头。

有没有办法在将请求路由到身份服务器时保留原始标头?

Startup.cs(添加身份服务器)

services
    .AddAuthentication()
    .AddIdentityServerAuthentication("APIParts", options =>
    {
        options.Authority = "http://localhost:60168";
        options.RequireHttpsMetadata = false;
        options.ApiName = "Parts";
        options.SupportedTokens = SupportedTokens.Both;
    });

豹猫.json

ReRoutes": [
{
  "DownstreamPathTemplate": "/connect/token",
  "DownstreamScheme": "http",
  "DownstreamHostAndPorts": [
    {
      "Host": "localhost",
      "Port": 60168
    }
  ],
  "UpstreamPathTemplate": "/token",
  "UpstreamHttpMethod": [ "Post" ]
},
{
  "DownstreamPathTemplate": "/api/Parts/Inventory",
  "DownstreamScheme": "http",
  "DownstreamHostAndPorts": [
    {
      "Host": "localhost",
      "Port": 65241
    }
  ],
  "UpstreamPathTemplate": "/api/Parts/Inventory",
  "AuthenticationOptions": {
    "AuthenticationProviderKey": "APIParts",
    "AllowedScopes": []
  }
}]
4

1 回答 1

0

I'm not familiar with Ocelot, but in my architecture I have IdentityServer running behind a Load Balancer and routed in a Kubernetes cluster via a Nginx Ingress and this required me to configure header forwarding in my IdentityServer's Startup.Configure method like so:

var forwardOptions = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
    RequireHeaderSymmetry = false
};

forwardOptions.KnownNetworks.Clear();
forwardOptions.KnownProxies.Clear();
app.UseForwardedHeaders(forwardOptions);
于 2020-01-07T15:28:05.567 回答