I am trying to understand the call from MVC client to APIGateway.
Does MVC client need token to call APIGateway.
If yes, how this authorization is handled.
Is MVC client interacting with Identity Service to authorize MVC client to call APIGateway.
Hi @Mahenbisht, thank you for reaching out.
Actually, the MVC client needs to pass on the token in the Authorization header while making calls to other services. For e.g Order, Basket API(s) etc.. Envoy service proxy has been used instead of Ocelot as an API gateway in the eShop application now. Though Envoy proxy controls the routing and filtering of incoming request for different APIs or aggregators, actual authentication gets handled by the Identity Server itself. If you refer AddAuthentication() code snippet you will notice how MVC acquires token and save it to Cookie for the validation and uses bearer token for subsequent API calls.
After running the app using docker-compose, you should be able to see the Envoy Admin using http://host.docker.internal:15202/ For more details you can refer :
Code Flow
Make secure .NET Microservices and Web Applications
Hope this helps !
If you refer AddAuthentication() code snippet you will notice how MVC acquires token and save it to Cookie for the validation and uses bearer token for subsequent API calls
Hi, Thanks for your reply. I understand your point. I believe, AddAuthentication() code snippet is to add authentication handler and adding the authentication and challenge scheme. As per my understanding MVC client inject authorization in header using this code.
services.AddHttpClient
.SetHandlerLifetime(TimeSpan.FromMinutes(5)) //Sample. Default lifetime is 2 minutes
.AddHttpMessageHandler
.AddDevspacesSupport();
Hi @Mahenbisht, that's correct.
Bearer token gets added to the header for each service through the custom implementation of HttpClientAuthorizationDelegatingHandler. You could perform the additional check on your header if you want to.
For more detasils please refer Make HTTP requests using IHttpClientFactory in ASP.NET Core
Please note, you could also handle authentication in your API Gateway layer as well.
You can also refer Make secure .NET Microservices and Web Applications
Hi @Mahenbisht, that's correct.
Bearertoken gets added to the header for each service through the custom implementation ofHttpClientAuthorizationDelegatingHandler. You could perform the additional check on your header if you want to.
For more detasils please refer Make HTTP requests using IHttpClientFactory in ASP.NET CorePlease note, you could also handle authentication in your API Gateway layer as well.
You can also refer Make secure .NET Microservices and Web Applications
Thanks for clarifying the points.
Considering the original question has been answered, I am closing this issue as of now. Please feel free to reopen it, if you have any further questions.
Thank you.
Considering the original question has been answered, I am closing this issue as of now. Please feel free to reopen it, if you have any further questions.
Thank you.
Hi, Sorry to raise query again.
Is the bearer token gets added to the header for each service through the custom implementation of HttpClientAuthorizationDelegatingHandler from MVC cookie?
Considering the original question has been answered, I am closing this issue as of now. Please feel free to reopen it, if you have any further questions.
Thank you.Hi, Sorry to raise query again.
Is the bearer token gets added to the header for each service through the custom implementation of HttpClientAuthorizationDelegatingHandler from MVC cookie?
No problem :)
The bearer token gets added to every request header when the call gets initiated from MVC to any specific service.
Now, in the MVC app the token gets fetched using method HttpContext.GetTokenAsync(ACCESS_TOKEN) which is defined in HttpClientAuthorizationDelegatingHandler. And the authentication cookie makes that available once the authentication is done.
Thanks for clarifying the fact. This has cleared my all the points.