2 very important components of a microservice-based architecture are demonstrated here:
- i) Authentication/Authorization server
- ii) API Gateway (Ocelot)

In this demonstration:
- The authentication server generates the JWT token. With that token, the endpoints exposed by the API gateway can be called.
- The API gateway exposes endpoints publicly, and the private endpoints are consumed through them.
IdentityServer4 is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. It provides JWT tokens for authentication/authorization.
Benefits:
- Centralize authentication logic for all applications (web, mobile, native, services).
- Authentication as a Service.
- Access control for APIs using token generation.
- Use as a federated gateway (external identity providers: Google, Facebook, Azure Active Directory).
- Single Sign-in/Sign-out
- Supported by the .NET Foundation.
- Apache 2 license
The API gateway takes all API calls from clients, then routes them to the appropriate microservices with request routing, composition and protocol translation. Typically it handles a request by invoking multiple microservices and aggregating the results. It can translate between web protocols. For example, it can invoke various services such as product info and reviews and combine the results.
Benefits:
- Act as reverse proxy.
- No need to expose real services endpoints publicly.
- Authentication feature
- Response Caching.
- API call tracking and bill generation if needed.
- Centralize API management.
- ASP.NET Core
- IdentityServer4
- Ocelot API gateway
- There are 3 projects in the solution:
  - IdentityServer project
  - Ocelot project
  - TodoApi project
Steps to follow:
- Step 1. Run all 3 projects.
- Step 2. Call the IdentityServer project's endpoint (https://localhost:4001/connect/token) using Postman.
- Step 3. Using that token, call the endpoint exposed by the API gateway (GET https://localhost:6001/api/todo).
- Step 4. You will receive the todo list.
Note:
- If you call the endpoints exposed by the API gateway (Ocelot project) without a valid token, you will get a 401 Unauthorized error.
- If you call the TodoApi endpoints (TodoApi project) directly, you can get data without any token.
- Scenario: the Todo project endpoints will be in a private network and not exposed outside that network. But your Ocelot project (API gateway project) will be exposed publicly (with authentication).
- Hope you understand the real use case (please check the Postman screenshots below).
Single API call (without any parameters) to an exposed API gateway endpoint (returns an array of Todo objects):
Single API call (with parameters) to an exposed API gateway endpoint (returns a String):
Single API call to an exposed API gateway endpoint which returns merged data from 2 API calls:
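
The steps and the 401 note above can also be checked from code instead of Postman. The following C# console program is an added example, not code from this repository; it assumes the client_credentials grant and reads `CLIENT_ID`, `CLIENT_SECRET` and `SCOPE` (placeholders for a client registered in the IdentityServer project) from the environment.

```csharp
// Added example (not repository code). Top-level statements need .NET 5 or later.
// Assumption: client_credentials grant; CLIENT_ID / CLIENT_SECRET / SCOPE are placeholders.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

const string TokenUrl = "https://localhost:4001/connect/token"; // Step 2
const string GatewayUrl = "https://localhost:6001/api/todo";    // Step 3
using var http = new HttpClient();

// 1. No token: the gateway must answer 401.
var anonymous = await http.GetAsync(GatewayUrl);
Check(anonymous.StatusCode == HttpStatusCode.Unauthorized, "no token", anonymous);

// 2. Request a token from IdentityServer (Step 2).
var form = new FormUrlEncodedContent(new Dictionary<string, string>
{
    ["grant_type"] = "client_credentials",
    ["client_id"] = Env("CLIENT_ID"),
    ["client_secret"] = Env("CLIENT_SECRET"),
    ["scope"] = Env("SCOPE"),
});
var tokenResponse = (await http.PostAsync(TokenUrl, form)).EnsureSuccessStatusCode();
using var json = JsonDocument.Parse(await tokenResponse.Content.ReadAsStringAsync());
string token = json.RootElement.GetProperty("access_token").GetString() ?? "";

// 3. Valid token: the gateway must forward the call (Steps 3 and 4).
var valid = await Get(token);
Check(valid.IsSuccessStatusCode, "valid token", valid);

// 4. Same token with one signature character changed: must be 401 again,
//    which shows the gateway verifies the signature and not just the format.
string[] parts = token.Split('.');
parts[2] = (parts[2][0] == 'A' ? 'B' : 'A') + parts[2].Substring(1);
var tampered = await Get(string.Join('.', parts));
Check(tampered.StatusCode == HttpStatusCode.Unauthorized, "tampered token", tampered);

Task<HttpResponseMessage> Get(string bearer) => http.SendAsync(
    new HttpRequestMessage(HttpMethod.Get, GatewayUrl)
    { Headers = { Authorization = new AuthenticationHeaderValue("Bearer", bearer) } });
void Check(bool ok, string what, HttpResponseMessage r)
{
    Console.WriteLine($"{(ok ? "PASS" : "FAIL")}: {what} -> {(int)r.StatusCode}");
    if (!ok) Environment.ExitCode = 1;
}
string Env(string n) => Environment.GetEnvironmentVariable(n) ?? throw new InvalidOperationException($"set {n}");
```

The program exits with a non-zero code if any check fails, so it can run as a smoke test after the three projects are started.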