Thank you very much for sharing your thoughts. Based on this video, what I understood is that when we are making a request to the sales service, it is already authenticated. I am not clear why the product service or sales service needs to access the auth server. Could you kindly help with that part, please? Thanks in advance.
Yes, bhai. Inside the network, we don't need to authenticate. But suppose the user/caller somehow knows a URL which he shouldn't have access to, how can you stop that call from being executed? :)
I think all requests are coming through Ocelot/ApiGateway, so from there we can intercept the request, do the necessary check from the auth service, and finally forward it to the actual service. Another alternative approach is role-based authorization.
@Foyzul and @HasibulHaque bhai, can we do IP whitelisting with mutual TLS service-to-service communication to avoid rechecking the auth server? That is, we configure IP whitelisting rules on the service's network or firewall to allow incoming requests only from specific IP addresses associated with the API gateway or authorized clients, and secure communication between microservices by using mechanisms like mutual TLS or API keys to ensure that only trusted services can communicate with each other.
Nice brother
Thanks