ASP.NET API gateway unexpected behavior

v8wbuo2f posted on 2022-11-19 in .NET

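I am using ASP.NET microservices plus a separate Ocelot API gateway, which is used for authentication/authorization and rerouting. This is my configuration file: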

{
  "Routes": [
    // *** User API ***   
    {
      "UpstreamPathTemplate": "/User/{id}",
      "UpstreamHttpMethod": [ "Get"],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/{id}",
      "DownstreamHttpMethod":  "Get",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      },
      "RouteClaimsRequirement": {
        "Administrator": "true"
      }
    },

    {
      "UpstreamPathTemplate": "/User/{id}",
      "UpstreamHttpMethod": [ "Put" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/{id}",
      "DownstreamHttpMethod": "Put",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      },
      "RouteClaimsRequirement": {
        "Administrator": "true"
      }
    },
    {
      "UpstreamPathTemplate": "/User/{id}",
      "UpstreamHttpMethod": [ "Delete" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/{id}",
      "DownstreamHttpMethod": "Delete",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      },
      "RouteClaimsRequirement": {
        "Administrator": "true"
      }
    },

    //edit,get logged user
    {
      "UpstreamPathTemplate": "/User/LoggedUser",
      "UpstreamHttpMethod": [ "Put" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/LoggedUser",
      "DownstreamHttpMethod": "Put",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      }
    },

    {
      "UpstreamPathTemplate": "/User/LoggedUser",
      "UpstreamHttpMethod": [ "Get" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/LoggedUser",
      "DownstreamHttpMethod": "Get",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      }
    }
    //edit,get logged user
  ],
  "GlobalConfiguration": {
    "BaseUrl": "https://localhost:7193"
  }
}

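Now here is the problem. I have the endpoint [GET] /User/LoggedUser (at the bottom), which is configured without any authorization, and it calls /api/User/LoggedUser. I also have the endpoint [GET] /User/{id}, which is configured with authorization, and it calls /api/User/{id}.
If I use the current configuration as a whole and try to call [GET] /User/LoggedUser with an authenticated user, but without the claim Administrator:false -> it doesn't work.
If I remove the reroute for [GET] /User/{id}, which, as you can see, is a completely separate endpoint reroute, the problem above disappears. It is as if Ocelot treats these two endpoints as one. But I don't understand why. Here is the console log: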

Only these two endpoints have the problem. If I call [PUT] /User/LoggedUser, it does not work until I remove [PUT] /User/{id}. No other problems detected. At least for now.

Update 1

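So I renamed my API endpoint from /api/User/LoggedUser to /LoggedUser (downstream path) and changed my upstream path to /Test/LoggedUser, and it worked. So it is obviously a URL conflict. How should I handle a problem like this?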

Update 2

I changed the endpoints again to:

    {
      "UpstreamPathTemplate": "/Get/LoggedUser",
      "UpstreamHttpMethod": [ "Get" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/Get/LoggedUser",
      "DownstreamHttpMethod": "Get",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      }
    },

    {
      "UpstreamPathTemplate": "/Edit/LoggedUser",
      "UpstreamHttpMethod": [ "Put" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/Edit/LoggedUser",
      "DownstreamHttpMethod": "Put",
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": [
          "Cart.API",
          "Catalogue.API",
          "Identity.API",
          "offline_access"
        ]
      }
    }

But the conflict is still there.

Update 3

I have other endpoints that overlap in some way. For example:

    {
      "UpstreamPathTemplate": "/User/Login",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/Login",
      "DownstreamHttpMethod": "Post"
    },
    {
      "UpstreamPathTemplate": "/User/Register",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7268
        }
      ],
      "DownstreamPathTemplate": "/api/User/Register",
      "DownstreamHttpMethod": "Post"
    }

However, these endpoints have no problems. They are both POST, and both start with API/User and /User. I don't see problems with any other endpoints.

aoyhnmkz1#

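I think this problem should be solved in the backend API's routing configuration rather than in the Ocelot configuration. You should configure the order (priority) of the default routes, from specific to general. In the example above, /api/User/LoggedUser should be matched before /api/User/{id}. Please see this article for more information about route priority in ASP.NET MVC and Web API.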
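
The overlap discussed in this thread, as an added example (not code from the question, the answer, or Ocelot): a simplified route matcher in which a `{placeholder}` matches any single path segment, plus a check that flags a route list where an earlier template also matches a later literal path for the same HTTP method. First-match selection and the `literal_count` ordering are assumptions of this model, and the route list is constructed from the question's config, reduced to the relevant fields.

```python
import re

# Constructed sample: routes from the question, in config-file order.
ROUTES = [
    {"template": "/User/{id}", "methods": ["Get"], "claims": {"Administrator": "true"}},
    {"template": "/User/LoggedUser", "methods": ["Get"], "claims": {}},
    {"template": "/User/Login", "methods": ["Post"], "claims": {}},
]

def to_regex(template):
    """Turn '/User/{id}' into a regex; each {placeholder} matches one segment."""
    parts = re.split(r"(\{[^/{}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "/?$", re.IGNORECASE)

def methods_of(route):
    return {m.lower() for m in route["methods"]}

def candidates(routes, method, path):
    """All routes matching the request, in list order (index 0 wins in this model)."""
    return [r for r in routes
            if method.lower() in methods_of(r) and to_regex(r["template"]).match(path)]

def literal_count(template):
    """Specificity score: number of path segments that are not placeholders."""
    return sum(1 for s in template.strip("/").split("/") if not s.startswith("{"))

def specific_first(routes):
    """Stable sort, most literal segments first ('specific to general')."""
    return sorted(routes, key=lambda r: -literal_count(r["template"]))

def shadowed(routes):
    """(earlier, later) pairs where an earlier route also matches a later
    literal path for a shared method, so the later route is never chosen."""
    found = []
    for i, early in enumerate(routes):
        for late in routes[i + 1:]:
            if "{" in late["template"]:
                continue  # only literal paths can be tested directly
            if methods_of(early) & methods_of(late) and \
                    to_regex(early["template"]).match(late["template"]):
                found.append((early["template"], late["template"]))
    return found

if __name__ == "__main__":
    print("config order :", shadowed(ROUTES))
    print("specific first:", shadowed(specific_first(ROUTES)))
```

In this model a GET to /User/LoggedUser is evaluated against the `Administrator` claim requirement of /User/{id}, while POST /User/Login has no competing placeholder route for its method, which is consistent with the behaviour reported in Update 3.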