In the Customer Controller, on the action GetCustomers(), if I put [Authorize(Roles = "Administrator")] or [Authorize(Roles = "Administrator,User")] the token does not work; I am getting a permission error from Ocelot: message: 403 (Forbidden). If I leave [Authorize] it works. Why?
@@CodingDroplets Thanks, I had already downloaded the source. Right in the source I found this error: "Role" must be in lower case, "role", otherwise it doesn't work on the controller.
Thank you for the tutorial. I was following your steps but I got to the Docker orchestrator support step and I don't know how to proceed. I didn't use Docker in my project (I'm planning on doing it later). Can this tutorial work for me without using Docker or should I just give up? It's really sad, I already got to the middle of the video.
Thank you for watching the tutorial and for your question. I understand that you have reached the part where Docker orchestration is introduced, but you haven't used Docker in your project yet. Don't worry, you can still continue with the tutorial even if you're not using Docker at the moment. The Docker orchestration part is an optional step that showcases how to deploy the Ocelot API Gateway in a containerized environment. If you're not using Docker right now, you can simply skip that step and proceed with the rest of the tutorial. The tutorial will still be applicable and helpful for you to understand the concepts of Ocelot API Gateway and JWT authentication. You can focus on implementing the authentication and authorization mechanisms within your project without Docker.
@@CodingDroplets Thank you so much for your reply. Yes, I managed to follow the video and I implemented the API Gateway and authentication mechanism. I'm going to use a DB to fetch user accounts instead of hard-coding them, but I have an issue, if you would kindly give me your guidance on it. I want to implement a sign-up mechanism but my app will have 2 users (admin and user); how should I go about this theoretically? It doesn't seem right to include the role in the registration. Also, should I change the userAccount class attributes to have some other data from registration (name, surname etc.) or create another class userRegistration that handles that data and populate the relevant data (username, password) into userAccount? I would appreciate it very much if you help me with this, and thank you again.
Thank you for your feedback and for sharing your progress with the tutorial. I'm glad to hear that you were able to follow the video and implement the API Gateway and authentication mechanism successfully. Regarding your question about implementing a sign-up mechanism with two user roles (admin and user), here are a few suggestions:
Separate User Roles: You can consider creating a separate field or property in the user account model to indicate the user's role. During the sign-up process, you can provide an option for the user to choose their role (admin or user). This way, you can differentiate between the roles and apply the appropriate authorization rules in your application.
User Account Attributes: If you need additional information such as name, surname, or any other data during the registration process, you can either add those attributes directly to the user account class or create a separate class for user registration that captures the additional information. Then, you can populate the relevant data (such as username and password) into the user account object.
It's important to design the registration process in a way that aligns with your application's requirements and security considerations. Consider factors such as data validation, authentication, and authorization when implementing the sign-up mechanism. I hope these suggestions provide some guidance for your implementation. If you have further questions or need assistance with any specific aspect, feel free to ask. Good luck with your project, and thank you for your support!
@@CodingDroplets Thank you so much for your swift reply. I think I will let the user choose his role from a dropdown menu, and I will just add the relevant registration data to the UserAccount (it seems simpler, and I may need to fetch the additional data in the authentication response and display it in the user profile in my front-end app). I have an additional "stupid" question, if I may trouble you further: will adding an Id attribute to the UserAccount entity class affect the authentication logic or cause any errors? Because the UserAccount will now have a table users, I plan to add this line to it ( [Key] [DatabaseGenerated(DatabaseGeneratedOption.Identity)] public int Id { get; set; } ). Is this the right approach?
@@CodingDroplets Hello again sir, I'm having an error about the usage of a scoped service (JwtAuthenticationManager.Data.ApplicationDbContext) within a singleton service (JwtAuthenticationManager.JwtTokenHandler). Is making jwtAuthManager a scoped service instead of a singleton a good solution? It works, but ChatGPT told me about thread issues and I worry a problem might come out of this later. So sorry for the inconvenience and thank you again.
Hello, Thank you for this video, very good. I do have a question, I'm using .NET 8 , and when I use app.UseAuthentication() , all requests come with 401 Unauthorized, but If I remove it, it behaves as expected (I receive 401 Unauthorized if a request has invalid JWT or no token). Can useAuthentication() interfere? Should I remove it? Or is that a bad practice for Production-code ? Thank you so much for your videos. Subscribed!
Thank you for your positive feedback and for subscribing! I'm glad to hear that you found the tutorial helpful. If you're facing challenges where all requests result in a 401 Unauthorized, it's essential to review your authentication setup. Check the authentication configuration, token validation logic, middleware order, and introduce logging for troubleshooting. For additional reference and to compare your implementation, you can find the source code for the tutorial on GitHub: github.com/codingdroplets/OcelotAuthenticationAndAuthorization
This video is part of a series (link below). In some previous videos we've explained about the deployment. th-cam.com/play/PLzewa6pjbr3JQKhB_U_FiuYwQC70i-TyU.html
Thank you for your question! In the tutorial, the focus was on demonstrating authorization with Ocelot API Gateway. However, incorporating authentication filters is indeed an essential aspect of building a secure API gateway. I'll certainly consider it for future content. Authentication filters in Ocelot can be applied to validate and authenticate incoming requests. They are typically used to check credentials, tokens, or other authentication mechanisms before requests are further processed.
Nice topic. I have one issue: my web API is already integrated with Windows authentication, and if I configure Ocelot it always throws a 401 error. Any solution for it?
Thank you for watching my video on Ocelot API Gateway and leaving a comment. I'm glad you found the topic interesting. Regarding your issue with Windows authentication and Ocelot, I understand that you are experiencing 401 errors after configuring Ocelot. This issue could be related to the way you have configured Ocelot and Windows authentication. First, make sure that you have correctly configured Ocelot to work with Windows authentication. You may need to set the correct authentication options in your Ocelot configuration file. Also, ensure that your API is configured to accept requests with Windows authentication. If you have verified that your configuration is correct, another issue that could be causing the 401 errors is the way that the authentication is being propagated through Ocelot to your API. Ocelot passes the authentication token through as a bearer token by default, but Windows authentication uses a different authentication method. You may need to implement a custom middleware to handle the Windows authentication token. I recommend reviewing the Ocelot documentation and troubleshooting guides to help you diagnose and resolve this issue.
Hi, This tutorial is very helpful for Docker implementation. However, when I tried implementing the code on Windows Docker, I encountered an error. Could you please share the content of the Docker Compose YML file for Windows Docker?
Thank you for watching my tutorial on Ocelot API Gateway Authentication in Docker, and I'm glad to hear that you found it helpful for Docker implementation. Regarding your question, I apologize for the inconvenience caused by the error you encountered while implementing the code on Windows Docker. Unfortunately, I did not create a separate Docker Compose YML file for Windows Docker as I did the tutorial on a Linux-based docker container. However, you can try adapting the existing Docker Compose YML file to work with Windows Docker by making any necessary adjustments, such as changing the path separators from forward slashes to backslashes. If you encounter any further issues or have any other questions, please don't hesitate to reach out to me. I'll do my best to help you with your Docker implementation. Thanks again for your comment, and I hope you find the information provided useful.
Certainly! I appreciate your interest in the code. You can find the source code used in the tutorial on GitHub. Here's the link to the repository: github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Thank you for watching the video. The source code for the project explained in the video is available on GitHub (github.com/codingdroplets/OcelotAuthenticationAndAuthorization), and I encourage you to refer to it for further guidance and to try it out for yourself. If you have any further questions or concerns, please do not hesitate to let me know. Thank you again for your interest in the tutorial and for taking the time to leave your comment.
In the demo application, token validity is assigned as 20 mins. Hence you'll get Unauthorized response if the token is expired. Please find the source code in the below Github url. github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Thank you for this playlist, but I have a question: if we update or refactor any API, what about the inserted data in the databases? We must update the code any time the customer requests it, without removing any inserted data. How can we do it? Finally, many thanks for this playlist.
Thanks! Loved your series on microservices.
Glad to hear it!
Brilliant tutorials on Jwt. I was struggling to find examples of how to integrate Microsoft Identity with Jwt and Gateways/Microservices. You're an absolute life saver!
Thank you for watching the video and for leaving such a positive comment. I'm delighted to hear that the tutorial was helpful.
it takes great understanding to make tutorials this concise and clear. props to you man, thanks a lot truly. this will pass my uni semester lmao
Glad to hear that you found the tutorial helpful, and I appreciate your kind words!
@@CodingDroplets Thank you, I had been searching for the past 2 days on how to use authentication in other microservices, I was distressed. Thank you for your help. May God keep you happy always.
Thank you so much, best series on microservices, well done. Your videos are to the point and you described real-world scenarios well. I really appreciate your tremendous efforts.
Thank you for your kind words and positive feedback! We're delighted to hear that you enjoyed our microservices series and found the content valuable. Your appreciation motivates us to continue delivering concise and practical videos.
Great tutorial! Thank you so much for sharing. This series has been so helpful for starting with microservices.
Thank you for your kind words! Glad to hear that.
Thank you so much sir for providing the best tutorial on this platform. When I first started I didn't think that it would work in my case, but it did work without a single error. Thank you so much.
You're welcome! I'm glad to hear that you found my tutorial helpful and that you were able to apply it successfully to your own project without any issues. Thank you for taking the time to leave such a positive comment, it means a lot to me. If you have any questions or there's anything else I can help you with, feel free to let me know. Thanks again!
@@CodingDroplets Sir, I want to know how I can set admin and user both to use the "Get" method in role-based authentication.
Wonderful series! Very well explained! Cleared my all doubts! Please keep up the good work!
Thank you so much for your feedback and kind words!
good one for the professional approach
Thanks!
Awesome tutorials! Concise and to the point!
Glad it was helpful!
This is a great tutorial to jumpstart someone learning how to set up JWT authentication.
Just a question though: obviously the users were statically implemented from the JwtHandler constructor. Just wanted to get a thinking process on how to implement that by getting users from an actual endpoint/DB. I hope you notice this and can help point us in the right direction.
Thank you! I'm glad you found the tutorial helpful! You're absolutely right. The users were statically implemented for simplicity. To get users from an actual database or endpoint, you'd typically inject a service (like a repository or API client) and fetch the user details during the authentication process.
Great content! Thank you from Perú
You are most welcome. Glad to know you liked it!
Dear sir,
Thank you very much for your continuous efforts to share knowledge. All the respect 🙏
Thanks and welcome
Great content 👌, learnt a lot today. Keep it up
Thank you! Glad to know you liked it.
You are amazing and I really appreciate the efforts you put in this content 💗. I want to ask you if this is the last video in this series or if you will upload more videos?
Thank you again.
I can say that there is no end for a series. We may upload new videos to any series. Technology is developing. New things will come up. We'll create new videos in each series.
I have a few questions:
1) Where should I do the user registration logic, in Authentication Web Api or Jwt Authentication Manager?
2) How can I get a UserId from a jwt token in other APIs, for example?
3) How should my other application receive a new token after the expiration of the previous token?
4) Where should I store the jwt token in the application, for a long time for frequent reuse?
Great questions! I appreciate your engagement with the tutorial. Here are some brief answers:
1) User registration logic is typically handled in an authentication service.
2) You can include the User ID in the token's claims. In your other APIs, you can retrieve the User ID from Claims.
3) When a token expires, the client needs to request a new one. You can implement a refresh token if needed, so that the client doesn't need to authenticate frequently using user name and password.
4) You can store JWT tokens securely in the client application using mechanisms like browser storage (localStorage or sessionStorage) for web applications. For mobile or desktop apps, consider secure storage options like Keychain (iOS) or Keystore (Android). Always prioritize security and avoid storing sensitive data in an insecure manner.
@@CodingDroplets Thanks for the answer, a new question has appeared, how in JwtAuthenticateManager can I get a database from Environment if I can't add it to docker? Can I make this UserAccount search logic from the database in the Authentication Web Api controller, and not in the JwtAuthenticationManager, and transfer the already found UserAccounts there?
Certainly! It sounds like you want to handle the UserAccount search logic from the database in the Authentication Web API controller rather than in the JwtAuthenticationManager. This approach is absolutely valid, and you can pass the already found UserAccounts to the JwtAuthenticationManager. By separating the database retrieval logic into the Authentication Web API controller, you keep your concerns neatly organized. This approach allows for more flexibility and easier testing.
@@CodingDroplets Thank you for your help, you explain very well.
You are welcome!
Great video! I wish you could do another one to describe how we can use the scope and how the internal services can communicate with each other with the authentication.
Great suggestion! Will do it soon.
Amazing! I must say, wonderful tutorial. Full API package. I'm looking forward to the implementation of an API in Azure Docker. Please kindly share the video link if you already made it!
Thank you for your kind words! I'm glad you found the tutorial helpful. I haven't made a video specifically on deploying a .NET Core API to Azure using Docker yet, but I'll definitely consider it for a future video.
This was super helpful. Thank you!
Glad it was helpful!
Excellent tutorial. Thank you
Thank you for watching my tutorial on Ocelot API Gateway and for taking the time to leave a comment. I'm thrilled to hear that you found the tutorial helpful!
It's always great to receive feedback and know that my content is making a positive impact. If you have any suggestions or topics you would like me to cover in future videos, please don't hesitate to let me know.
Thank you again for your support and I hope to continue creating helpful content for you and others in the future.
Bravo, excellent, marvelous. I had watched the microservice playlist. Got an overview of microservices and their implementation along with JWT authorization. It's great. I have a doubt: how do you merge multiple database results into a single API? Let's say I would like to get a report on Order based on company, product and order date range. Since the databases are separate, how do you merge them and show them in a single API result?
Thanks a lot. Great Project !!!!!!!!!!!!
Thank you so much for your enthusiastic comment! Glad to hear that you found the project great and valuable.
Thank you! Excellent content!
You are welcome. Glad to know you liked it!
Thank you so much, loved this entire series. I was wondering if you are planning to continue it or not?
RabbitMQ and service discovery for communication between microservices can be a good choice for the next few videos.
One particular confusion I had: if we are supposed to do the authentication in the API gateway, why did you create a separate class library for JWT authentication? Is there any particular reason or benefit for that?
Thank you for your feedback and I'm delighted to hear that you enjoyed the series! I'm always considering new topics for future videos, and your suggestions for RabbitMQ and service discovery for microservices communication are excellent ideas that I'll certainly take into account.
Regarding the separate class library for JWT authentication, it's a great practice for modularizing code and promoting reusability. By encapsulating the JWT authentication logic in a separate library, such as the AddCustomJwtAuthentication extension, we can easily reference it in multiple projects without duplicating code.
nice video...👍👍👍
Thank You!
Thank you for sharing❤
You are so welcome
Doesn't adding the authentication project as a dependency in each microservice kind of defeat the purpose here? Is there a way to do this where the Authorisation service, gateway service and other service do not share dependencies and are completely separate projects?
Two options are explained in the video. The second option only needs the dependency in the API Gateway.
Great content... Just two questions: when is the front end coming, and why didn't you use a message queuing service like RabbitMQ?
Please make a video on the service registry with microservices using .NET Core Web API.
Thank you for your suggestion! I'll definitely consider creating a tutorial on service registry in the context of microservices.
@@CodingDroplets Thanks
Thanks for the tutorials! Your videos are concise but to the point! What is your total plan to complete the series and by when?
Hello. There is no end for a series. We might add new videos in each series. Please do follow us and stay updated.
you are awesome 💖 thank you so much
You are welcome! Glad to hear that.
I've been looking for it for a long time. Thank u very much.
You are welcome. Glad to know it helped.
Thanks for the series, I've watched all the videos until now, regarding your question, I prefer to apply it on the API gateway, I feel the whole project is more secure that way, and the code is cleaner, you can configure everything from the ocelot file, IMO, that's much better. I have a question, will you be adding more videos to this series? Like message bus and/or GRPC
You are most welcome! We used to add videos to existing series.
For gRPC, we have a separate series. Please find the below URL.
th-cam.com/video/x-ktwMTN0Yw/w-d-xo.html
@@CodingDroplets Thanks dude! I really learned a lot from this series!
Thank you so much, great content.
I have a question though.
I have microservices altogether as separate projects, and implemented the API gateway also as a separate project, ready and deployed in an Azure web service app.
I am thinking of creating a JWT authentication project in the API gateway project, so that the API gateway can access JWT services to generate the access token.
It also makes it easy to make use of your second approach of authenticating in gateway mode, then only allowing authenticated requests to the respective microservice.
Please tell me is this a good way of implementing this architecture in this use case.
Thanks
Thank you for your positive feedback, and I'm glad you found the content helpful!
Your plan to create a JWT authentication project within the API Gateway project and have the API Gateway handle the generation of access tokens is a valid and commonly used approach in microservices architectures. However, please ensure that you implement proper security practices.
@@CodingDroplets Thanks for your reply.
Can you tell me how to implement role-based authorization for the same?
Thanks, pro.
But I have one question:
when I have an admin who has changeable permissions,
how can I make an authorization handler?
Thanks for all your tutorials. I just had a couple of questions:
How do you add multiple Roles for "RouteClaimsRequirement"?
How do you provide policy based Authentication in Ocelot?
Ocelot doesn't support comma separated roles at this stage:
Solutions:
stackoverflow.com/questions/65649254/how-to-allow-multiple-roles-to-access-route-through-routeclaimsrequirement
github.com/ThreeMammals/Ocelot/issues/1460
stackoverflow.com/questions/60300349/how-to-check-claim-value-in-array-or-any-in-ocelot-gateway
This is certainly cool when you have one microservice. But when there are many of them? Write everything in one ocelot file? Wouldn't it be too much with 20 microservices? Can you show me how to deal with this? Or is this something you can’t do?
That's a great question! Managing multiple microservices in a single Ocelot configuration file can be overwhelming. A better approach is to break the configuration into smaller, more manageable files. This way, each microservice has its own configuration file, making it easier to maintain and scale.
@@CodingDroplets Yes, but how to work with these files? After all, you can connect only two ocelot files. There is no documentation on this issue. How to work, for example, with such a hierarchy of ocelot.Cashboxes and nested within it is ocelot.Cashboxes.Numeric and so on. And so, let's say three or more files with attachments.
In the Customer controller, on the action GetCustomers(), if I put [Authorize(Roles = "Administrator")] or [Authorize(Roles = "Administrator,User")], the token does not work; I am getting a permission error from Ocelot: message: 403 (Forbidden). If I leave [Authorize] it works. Why?
Found it on my own: in the construction of the token, "Role" must be lowercase "role".
Hope the issue is cleared.
The source code is available in the below github repo.
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
@@CodingDroplets thanks, I had already downloaded the source, right in the source I found this error : "Role" must be in lower case "role" otherwise it doesn't work on the controller
Thank you for the tutorial. I was following your steps, but it got to the Docker orchestrator support step and I don't know how to proceed. I didn't use Docker in my project (I'm planning on doing it later). Can this tutorial work for me without using Docker, or should I just give up? It's really sad, I already got to the middle of the video.
Thank you for watching the tutorial and for your question. I understand that you have reached the part where Docker orchestration is introduced, but you haven't used Docker in your project yet. Don't worry, you can still continue with the tutorial even if you're not using Docker at the moment.
The Docker orchestration part is an optional step that showcases how to deploy the Ocelot API Gateway in a containerized environment. If you're not using Docker right now, you can simply skip that step and proceed with the rest of the tutorial.
The tutorial will still be applicable and helpful for you to understand the concepts of Ocelot API Gateway and JWT authentication. You can focus on implementing the authentication and authorization mechanisms within your project without Docker.
@@CodingDroplets Thank you so much for your reply. Yes, I managed to follow the video and I implemented the API Gateway and authentication mechanism. I'm going to use a DB to fetch user accounts instead of hard-coding them, but I have an issue, if you would kindly give me your guidance on it. I want to implement a sign-up mechanism, but my app will have 2 users (admin and user). How should I go about this theoretically? It doesn't seem right to include the role in the registration. Also, should I change the UserAccount class attributes to have some other data from registration (name, surname etc.), or create another class, userRegistration, that handles that data and populates the relevant data (username, password) into UserAccount? I would appreciate it very much if you help me with this, and thank you again.
Thank you for your feedback and for sharing your progress with the tutorial. I'm glad to hear that you were able to follow the video and implement the API Gateway and authentication mechanism successfully.
Regarding your question about implementing a sign-up mechanism with two user roles (admin and user), here are a few suggestions:
Separate User Roles: You can consider creating a separate field or property in the user account model to indicate the user's role. During the sign-up process, you can provide an option for the user to choose their role (admin or user). This way, you can differentiate between the roles and apply the appropriate authorization rules in your application.
User Account Attributes: If you need additional information such as name, surname, or any other data during the registration process, you can either add those attributes directly to the user account class or create a separate class for user registration that captures the additional information. Then, you can populate the relevant data (such as username and password) into the user account object.
It's important to design the registration process in a way that aligns with your application's requirements and security considerations. Consider factors such as data validation, authentication, and authorization when implementing the sign-up mechanism.
I hope these suggestions provide some guidance for your implementation. If you have further questions or need assistance with any specific aspect, feel free to ask. Good luck with your project, and thank you for your support!
@@CodingDroplets Thank you so much for your swift reply. I think I will let the user choose his role from a dropdown menu, and I will just add the relevant registration data to the UserAccount (it seems simpler, and I may need to fetch the additional data in the authentication response and display it in the user profile in my front-end app). I have an additional "stupid" question, if I may trouble you further: will adding an Id attribute to the UserAccount entity class affect the authentication logic or cause any errors? Because the UserAccount will now have a table users, I plan to add this line to it ( [Key]
[DatabaseGenerated(DatabaseGeneratedOption.Identity)]
public int Id { get; set; } ), is this the right approach ?
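The sign-up question in this exchange comes down to who decides the role. An added example, not code from the video or its repository, in which the registration payload is a separate class with no role field, so every new account is stored as "User" and a role change requires an existing Administrator. `RegistrationRequest`, `AccountService` and `SetRole` are hypothetical names, and the PBKDF2 parameters are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

var service = new AccountService();
// Constructed sample input. The first Administrator is assumed to be seeded at deployment.
var alice = service.Register(new RegistrationRequest("alice", "constructed-password", "Alice", "Example"));
Console.WriteLine($"{alice.Id} {alice.UserName} {alice.Role}");
try { service.SetRole(alice, "alice", "Administrator"); }
catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }

// Hypothetical sign-up payload: it has no Role property, so a client cannot request one.
public record RegistrationRequest(string UserName, string Password, string Name, string Surname);

// Stored account; with EF Core this is the entity that carries the [Key] Id column.
public class UserAccount
{
    public int Id { get; set; }
    public string UserName { get; set; } = "";
    public string Name { get; set; } = "";
    public string Surname { get; set; } = "";
    public byte[] Salt { get; set; } = Array.Empty<byte>();
    public byte[] PasswordHash { get; set; } = Array.Empty<byte>();
    public string Role { get; set; } = "User";
}

public class AccountService
{
    // In-memory stand-in for the users table.
    private readonly Dictionary<string, UserAccount> _users = new(StringComparer.OrdinalIgnoreCase);
    public UserAccount Register(RegistrationRequest request)
    {
        if (_users.ContainsKey(request.UserName)) throw new InvalidOperationException("User name is taken.");
        var salt = RandomNumberGenerator.GetBytes(16);
        var hash = Rfc2898DeriveBytes.Pbkdf2(request.Password, salt, 100_000, HashAlgorithmName.SHA256, 32);
        var account = new UserAccount { Id = _users.Count + 1, UserName = request.UserName, Name = request.Name,
            Surname = request.Surname, Salt = salt, PasswordHash = hash, Role = "User" }; // role set by the server
        _users[account.UserName] = account;
        return account;
    }

    // Changing a role is a separate operation that only an existing Administrator may perform.
    public void SetRole(UserAccount caller, string targetUserName, string newRole)
    {
        if (caller.Role != "Administrator") throw new UnauthorizedAccessException("Administrator role required.");
        if (newRole != "User" && newRole != "Administrator") throw new ArgumentException("Unknown role.");
        _users[targetUserName].Role = newRole;
    }
}
```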
@@CodingDroplets Hello again sir, I'm having an error about the usage of a scoped service (JwtAuthenticationManager.Data.ApplicationDbContext) within a singleton service (JwtAuthenticationManager.JwtTokenHandler). Is making jwtAuthManager a scoped service instead of a singleton a good solution? It works, but ChatGPT told me about thread issues and I worry a problem might come out of this later. So sorry for the inconvenience, and thank you again.
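The scoped-service-inside-a-singleton error described above, as an added example that is not from the tutorial's repository: the singleton `JwtTokenHandler` takes `IServiceScopeFactory` and opens a short-lived scope per call, so each lookup gets its own context instance instead of sharing one across requests. `ApplicationDbContext` here is a plain stand-in class (a real one derives from `DbContext`), and `FindRole` and the sample rows are constructed.

```csharp
using System;
using System.Linq;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddScoped<ApplicationDbContext>();   // same lifetime AddDbContext uses by default
services.AddSingleton<JwtTokenHandler>();
// ValidateScopes makes the container throw if a scoped service is resolved from the root provider.
using var provider = services.BuildServiceProvider(
    new ServiceProviderOptions { ValidateScopes = true, ValidateOnBuild = true });

var handler = provider.GetRequiredService<JwtTokenHandler>();
Console.WriteLine(handler.FindRole("admin"));   // served by one context instance
Console.WriteLine(handler.FindRole("admin"));   // served by a new context instance

// Stand-in for JwtAuthenticationManager.Data.ApplicationDbContext.
public class ApplicationDbContext : IDisposable
{
    private static int _created;
    public int InstanceNumber { get; } = ++_created;
    // Constructed rows standing in for the users table.
    public (string UserName, string Role)[] UserAccounts { get; } =
        new[] { ("admin", "Administrator"), ("user01", "User") };
    public void Dispose() { }
}

public class JwtTokenHandler
{
    private readonly IServiceScopeFactory _scopeFactory;
    public JwtTokenHandler(IServiceScopeFactory scopeFactory) => _scopeFactory = scopeFactory;

    public string? FindRole(string userName)
    {
        // The scope, and the context resolved from it, is disposed when the call returns.
        using var scope = _scopeFactory.CreateScope();
        var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
        var row = db.UserAccounts.FirstOrDefault(u => u.UserName == userName);
        return row.UserName is null ? null : $"{row.Role} (context #{db.InstanceNumber})";
    }
}
```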
Hey! great videos! are you also on audea???
Thank You! Not in audea
How do you deploy this project to Azure Docker Containers? If possible, please make a video. Thanks.
Will do it soon. Thanks
Hello, Thank you for this video, very good.
I do have a question. I'm using .NET 8, and when I use app.UseAuthentication(), all requests come back with 401 Unauthorized, but if I remove it, it behaves as expected (I receive 401 Unauthorized if a request has an invalid JWT or no token). Can UseAuthentication() interfere? Should I remove it? Or is that a bad practice for production code?
Thank you so much for your videos. Subscribed!
Thank you for your positive feedback and for subscribing! I'm glad to hear that you found the tutorial helpful.
If you're facing challenges where all requests result in a 401 Unauthorized, it's essential to review your authentication setup. Check the authentication configuration, token validation logic, middleware order, and introduce logging for troubleshooting.
For additional reference and to compare your implementation, you can find the source code for the tutorial on GitHub: github.com/codingdroplets/OcelotAuthenticationAndAuthorization
@@CodingDroplets Thank you so much for your response!
You're very welcome!
Very good content. It would be perfect if you taught how to deploy that project in EC2 or some orchestrator.
This video is part of a series (link below). In some previous videos we've explained about the deployment.
th-cam.com/play/PLzewa6pjbr3JQKhB_U_FiuYwQC70i-TyU.html
Why don't you use the authentication filter, sir? Why only authorization?
Thank you for your question! In the tutorial, the focus was on demonstrating authorization with Ocelot API Gateway. However, incorporating authentication filters is indeed an essential aspect of building a secure API gateway. I'll certainly consider it for future content.
Authentication filters in Ocelot can be applied to validate and authenticate incoming requests. They are typically used to check credentials, tokens, or other authentication mechanisms before requests are further processed.
@@CodingDroplets Thank you sir
Welcome
Nice topic. I have one issue: my web API is already integrated with Windows authentication, and if I configure Ocelot it always throws a 401 error. Any solution for it?
Thank you for watching my video on Ocelot API Gateway and leaving a comment. I'm glad you found the topic interesting.
Regarding your issue with Windows authentication and Ocelot, I understand that you are experiencing 401 errors after configuring Ocelot. This issue could be related to the way you have configured Ocelot and Windows authentication.
First, make sure that you have correctly configured Ocelot to work with Windows authentication. You may need to set the correct authentication options in your Ocelot configuration file. Also, ensure that your API is configured to accept requests with Windows authentication.
If you have verified that your configuration is correct, another issue that could be causing the 401 errors is the way that the authentication is being propagated through Ocelot to your API. Ocelot passes the authentication token through as a bearer token by default, but Windows authentication uses a different authentication method. You may need to implement a custom middleware to handle the Windows authentication token.
I recommend reviewing the Ocelot documentation and troubleshooting guides to help you diagnose and resolve this issue.
Hi,
This tutorial is very helpful for Docker implementation. However, when I tried implementing the code on Windows Docker, I encountered an error. Could you please share the content of the Docker Compose YML file for Windows Docker?
Thank you for watching my tutorial on Ocelot API Gateway Authentication in Docker, and I'm glad to hear that you found it helpful for Docker implementation.
Regarding your question, I apologize for the inconvenience caused by the error you encountered while implementing the code on Windows Docker. Unfortunately, I did not create a separate Docker Compose YML file for Windows Docker as I did the tutorial on a Linux-based docker container.
However, you can try adapting the existing Docker Compose YML file to work with Windows Docker by making any necessary adjustments, such as changing the path separators from forward slashes to backslashes.
If you encounter any further issues or have any other questions, please don't hesitate to reach out to me. I'll do my best to help you with your Docker implementation.
Thanks again for your comment, and I hope you find the information provided useful.
@@CodingDroplets
Okay Got it
Thank you.
hi, I'm trying to implement the authentication, It will be really helpful if the code used in this video can be shared
Certainly! I appreciate your interest in the code. You can find the source code used in the tutorial on GitHub. Here's the link to the repository:
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Thank you so much, it will really help. @@CodingDroplets
You're very welcome!
Can we create frontend for this architecture in angular?
Yes, you can
@@CodingDroplets Do you have any reference video of it.
Great tutorial, thanks! Have you any repository of this solution?
Thank you again!
Most welcome. Thank you for sharing your feedback. Below is the repository URL.
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
did somebody actually make it work using the second method and not injecting the handler into the microservices?
Thank you for watching the video. The source code for the project explained in the video is available on GitHub (github.com/codingdroplets/OcelotAuthenticationAndAuthorization), and I encourage you to refer to it for further guidance and to try it out for yourself.
If you have any further questions or concerns, please do not hesitate to let me know. Thank you again for your interest in the tutorial and for taking the time to leave your comment.
it will be great if you shared github repository
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
@@CodingDroplets Thank you very much for tutorial. Great job!
You are welcome
Thanks a lot. Could you please share your source code also?
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Has anyone received 401 unauthorized despite providing a token when retrieving customers?
In the demo application, token validity is assigned as 20 mins. Hence you'll get an Unauthorized response if the token is expired. Please find the source code in the below GitHub URL.
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Yes
Thank you for this playlist, but I have a question: if we update or refactor any API, what about the inserted data in the databases?
- We must update the code any time the customer requests, without removing any inserted data. What can we do?
Finally, many thanks for this playlist.
In docker, we can create volume for DB folder.
Please share github url for reference
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Can you provide github link or source code?
You can find the source code in the below URL.
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Thank you
Thanks for not sharing code
Source Code is available in our Github Repo:
github.com/codingdroplets/OcelotAuthenticationAndAuthorization
Thank you for this very useful video.
You're very welcome! Glad to hear that you found the video useful.