One authentication API to many other API microservices
My plan is to build some separate WebApi backend apps in .NET Core 2.1. I would also like to have one big frontend application (built in Angular), which will call the above microservices.
So, in the frontend app I will have some modules: Login, MicroSrv1, MicroSrv2, ... etc.
The Login GUI will use LoginApi. After logging in I want to show the MicroSrv1 GUI (connected to MicroSrv1 Api), MicroSrv2 (to MicroSrv2 Api), and so on.
My idea is:
Is this a good practice? To have only one separate microservice for authentication? Or should every microservice have its own built in? How can I share an authentication token between microservices and use only one Login Api app? Could you please provide me some examples?
I didn't get why you have a GUI for each microservice; however, you can achieve this by adding authentication to each one with a shared data protection key.
You can do this by configuring data protection to use a shared folder as the key store, or implement your own to have one shared store.
From the authentication service, you would return a JWT token based on the user role and the permissions associated with it.
On the client side, you would parse the JWT token and, based on the permissions, show only the screens that are applicable to the user; on the server side, you would read access rights in each REST call and throw an unauthorized error if the user tries to access a service without the right access rights.
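The flow described in the last answer, as an added C# example that is not part of either answer: LoginApi signs a JWT carrying the user's roles, and MicroSrv1 validates it on every call and maps the outcome to 200, 401 or 403. The RSA key pair (so that only LoginApi can mint tokens), the issuer URL, the role names and the use of the `System.IdentityModel.Tokens.Jwt` NuGet package are assumptions of the example.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
static class Demo
{
    const string Issuer = "https://login.example"; // hypothetical LoginApi identifier (assumption)
    // LoginApi: the only service holding the private key, so the only one able to mint tokens.
    static string IssueToken(RsaSecurityKey privateKey, string user, string audience, params string[] roles)
    {
        var claims = new[] { new Claim(ClaimTypes.Name, user) }
            .Concat(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
        {
            Issuer = Issuer, Audience = audience,
            Subject = new ClaimsIdentity(claims),
            Expires = DateTime.UtcNow.AddMinutes(15), // short-lived: this demo has no revocation check
            SigningCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256)
        }));
    }
    // MicroSrv1: holds only the public key. Returns the HTTP status it would answer with.
    static int Authorize(RsaSecurityKey publicKey, string token, string requiredRole)
    {
        var rules = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = "MicroSrv1", // reject tokens issued for other services
            IssuerSigningKey = publicKey, ClockSkew = TimeSpan.FromSeconds(30)
        };
        try
        {
            var user = new JwtSecurityTokenHandler().ValidateToken(token, rules, out _);
            return user.IsInRole(requiredRole) ? 200 : 403; // 403: authenticated but not permitted
        }
        catch (Exception) { return 401; } // bad signature, issuer, audience or expiry: fail closed
    }
    static void Main()
    {
        RSA rsa = RSA.Create(2048); // constructed demo key pair
        var priv = new RsaSecurityKey(rsa);
        var pub = new RsaSecurityKey(rsa.ExportParameters(false)); // public half only
        string t = IssueToken(priv, "alice", "MicroSrv1", "orders.read");
        Console.WriteLine(Authorize(pub, t, "orders.read"));       // role present
        Console.WriteLine(Authorize(pub, t, "orders.write"));      // role missing
        Console.WriteLine(Authorize(pub, t + "x", "orders.read")); // signature altered
        Console.WriteLine(Authorize(pub, IssueToken(priv, "alice", "MicroSrv2", "orders.read"), "orders.read")); // wrong audience
    }
}
```

The client-side parsing mentioned in the answer only decides which screens to show; the server-side check in `Authorize` is the one that enforces access.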