
API Authorization with microservices

I have a multi-tenant project which will be calling multiple microservices to perform specific tasks.

I want the microservices to understand which DB to play with from the request being sent, as the microservices will be used by every tenant; however, each tenant will have its own DB. I have another solution which has a Web project which deals with API key management.

Let's say, for example, the API key management is sitting on the domain portal.example.com.

When tenant.example.com calls the microservice at microservice.example.com, I want some middleware to listen for the request on the microservice side, get the API key from the request, validate it by checking the portal.example.com services and, if the API key is valid, grab the tenant for this API key and determine the connection string to use for the microservice.

I feel as if this isn't efficient, as it requires too many calls just to determine the connection string to use. Can anyone think of a better method of determining a connection string while also validating an API key?
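The middleware step the question describes, written out as an added example (this is not code from the question, and the question names no language or framework). It assumes the API key arrives in an `X-Api-Key` header, that the call to portal.example.com is simulated by the in-memory `PortalClient`, and that the microservice keeps its own tenant-to-connection-string map so the portal only answers with a tenant id. The part that addresses the "too many calls" worry is the TTL cache: the portal is consulted once per key per TTL, not once per request, and misses are cached as well so bogus keys cannot be used to hammer the portal.

```python
"""Tenant-resolving middleware for the flow described in the question.

Added example, not code from the original post. Assumptions: the API key is
sent in an `X-Api-Key` header; portal.example.com's validation endpoint is
simulated by `PortalClient` (an in-memory lookup that counts its calls);
each microservice keeps its own tenant -> connection-string map so the portal
only ever answers with a tenant id, never a connection string.
"""
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


def key_digest(api_key: str) -> str:
    """Keys are handled as SHA-256 digests so neither the portal's store nor
    the middleware's cache ever holds a raw key."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


# Constructed sample data: what portal.example.com would hold (hashes only).
PORTAL_KEY_HASHES = {
    key_digest("key-acme-1234"): "acme",
    key_digest("key-globex-5678"): "globex",
}

# Hypothetical local registry owned by this microservice's deployment.
TENANT_CONNECTION_STRINGS = {
    "acme": "Server=db-acme;Database=acme;User Id=svc;Password=<from-secret-store>",
    "globex": "Server=db-globex;Database=globex;User Id=svc;Password=<from-secret-store>",
}


class PortalClient:
    """Stand-in for the HTTP call to portal.example.com; counts its calls."""

    def __init__(self) -> None:
        self.calls = 0

    def tenant_for_key(self, api_key: str) -> Optional[str]:
        self.calls += 1
        return PORTAL_KEY_HASHES.get(key_digest(api_key))


@dataclass(frozen=True)
class TenantContext:
    tenant_id: str
    connection_string: str


class TenantResolver:
    """Middleware step: API key -> tenant -> connection string, with a TTL
    cache so the portal is not called on every request."""

    def __init__(self, portal: PortalClient, ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._portal = portal
        self._ttl = ttl_seconds
        self._clock = clock
        # digest -> (expiry, tenant id or None). Misses are cached too, so a
        # flood of bogus keys cannot turn into a flood of portal calls.
        self._cache: Dict[str, Tuple[float, Optional[str]]] = {}

    def resolve(self, headers: Dict[str, str]) -> TenantContext:
        api_key = headers.get("X-Api-Key", "")
        if not api_key:
            raise PermissionError("missing API key")
        digest = key_digest(api_key)
        now = self._clock()
        cached = self._cache.get(digest)
        if cached is None or cached[0] <= now:
            tenant = self._portal.tenant_for_key(api_key)
            self._cache[digest] = (now + self._ttl, tenant)
        else:
            tenant = cached[1]
        if tenant is None:
            raise PermissionError("invalid API key")
        connection_string = TENANT_CONNECTION_STRINGS.get(tenant)
        if connection_string is None:
            # Valid key but this service has no database for the tenant:
            # fail closed rather than fall back to any default database.
            raise LookupError("no database configured for tenant %s" % tenant)
        return TenantContext(tenant, connection_string)


if __name__ == "__main__":
    portal = PortalClient()
    resolver = TenantResolver(portal, ttl_seconds=60)
    ctx = resolver.resolve({"X-Api-Key": "key-acme-1234"})
    print(ctx.tenant_id, ctx.connection_string)
    resolver.resolve({"X-Api-Key": "key-acme-1234"})  # served from the cache
    print("portal calls:", portal.calls)
```

The trade-off to be aware of: a revoked key keeps working for up to one TTL, so the TTL should be chosen as the acceptable revocation delay, and the cache should be keyed by the digest of the key rather than the key itself, as above, so a memory dump of the microservice does not yield raw tenant keys.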

The nature of the issue seems to require some more information with regard to some business decisions and architectural decisions.

But with the information you've provided so far, I would say that the connection strings you're referring to could potentially be a problem for data leaks as well. If there are errors in the authorization service and it sends the wrong connection string, you may accidentally connect your client to another database rather than to the one belonging to the client that actually made the request. The second point to this is that it also makes the authorization service a single point of failure. If it fails, or if a malicious user gets access to it, all your tenants are affected.

Instead of letting the architecture handle this, one thing that may be worth evaluating is to use OAuth's client credentials to authenticate different applications; each application reflects a different set of database parameters. During the OAuth authentication phase, it will redirect the user to the correct application. In summary, a single set of applications deployed for each tenant, where tenants are authenticated via OAuth.

A slightly different alternative is to deploy and replicate the entire stack that you use for one tenant for another tenant with their respective database credentials. I would advocate for this only if you're limited by development resources.
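The client-credentials approach from the answer, as an added example that is not code from the answer or the question. Each tenant's application gets its own OAuth client id and secret; the token the issuer returns carries a tenant claim; the microservice verifies the token offline and maps the claim to a connection string from its own configuration. That keeps connection strings off the wire (the leak the answer warns about) and removes the per-request call to the portal. Assumptions: HS256-signed JWTs with a signing key shared between issuer and microservice (production would use an asymmetric key and the issuer's JWKS), the claim names `tenant`, `aud`, `exp`, and a constructed client registry, signing key and connection-string table.

```python
"""OAuth client-credentials alternative: the tenant's application authenticates
with its own client id/secret, the token it receives carries the tenant, and
the microservice verifies the token locally and looks the connection string up
in its own configuration.

Added example, not code from the answer. Assumptions: HS256 JWTs with a
signing key shared between issuer and microservice; claim names `tenant`,
`aud`, `exp`; client registry, signing key and connection strings are
constructed sample data.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

SIGNING_KEY = b"replace-with-32-random-bytes-from-a-secret-store"  # hypothetical
ISSUER = "https://portal.example.com"
AUDIENCE = "https://microservice.example.com"

# Issuer side: client_id -> (sha256(client_secret), tenant). One client per tenant app.
CLIENTS = {
    "acme-app": (hashlib.sha256(b"acme-secret").hexdigest(), "acme"),
    "globex-app": (hashlib.sha256(b"globex-secret").hexdigest(), "globex"),
}

# Microservice side: tenant -> connection string; never leaves this process.
TENANT_CONNECTION_STRINGS = {
    "acme": "Server=db-acme;Database=acme;User Id=svc;Password=<from-secret-store>",
    "globex": "Server=db-globex;Database=globex;User Id=svc;Password=<from-secret-store>",
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(client_id: str, client_secret: str, now: Optional[int] = None,
                ttl: int = 300) -> str:
    """Token endpoint (grant_type=client_credentials), simulated in-process."""
    record = CLIENTS.get(client_id)
    presented = hashlib.sha256(client_secret.encode("utf-8")).hexdigest()
    # Run the comparison even for unknown client ids so timing does not
    # reveal whether the id exists.
    stored = record[0] if record else "0" * 64
    if not hmac.compare_digest(stored, presented) or record is None:
        raise PermissionError("invalid client credentials")
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": client_id,
              "tenant": record[1], "iat": now, "exp": now + ttl}
    signing_input = "%s.%s" % (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    return signing_input + "." + b64url_encode(sign(signing_input))


def resolve_tenant(token: str, now: Optional[int] = None) -> Tuple[str, str]:
    """Microservice middleware: verify the bearer token offline and return
    (tenant, connection string). No call to the portal per request."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    # Verify with the one algorithm we accept before trusting anything in the
    # header or claims; the header's `alg` is never used to pick a verifier.
    if not hmac.compare_digest(sign(header_b64 + "." + claims_b64), b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    claims = json.loads(b64url_decode(claims_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("token not issued for this service")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("token expired")
    tenant = claims.get("tenant")
    if not isinstance(tenant, str) or tenant not in TENANT_CONNECTION_STRINGS:
        # Fail closed: a valid token for a tenant this service does not
        # serve must not fall through to any default database.
        raise PermissionError("no database for tenant %r" % (tenant,))
    return tenant, TENANT_CONNECTION_STRINGS[tenant]


if __name__ == "__main__":
    token = issue_token("acme-app", "acme-secret")
    print(resolve_tenant(token))
```

With this shape the authorization service still matters (it issues tokens), but it is no longer on the request path and it never learns or transmits database credentials; a compromise of it yields tenant identities, not connection strings, and the microservice keeps working on already-issued tokens if the issuer is down.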
