Hold the door! Powerful API gateways with Ocelot and ASP.Net Core

Dan Patrascu-Baba
June 08, 2019

API gateways are a vital part of a microservices / service-oriented architecture. An API gateway should be able to perform many important tasks, such as proxying requests, header transformation, service discovery, authorization and more. If you need an API gateway for your project, you're lucky: you don't need to build everything yourself. Meet the Ocelot API gateway library! In this presentation you'll find basic information on how to configure Ocelot, how routing works and how you can leverage the gateway as a central point to enforce authentication / authorization.

Transcript

  1. Hold the door! Powerful
    API gateways with
    Ocelot and ASP.Net Core

  2. Dan Patrascu-Baba
    BIO: Software developer @Amdaris, Founder
    @Codewrinkles, Co-organizer @ApexVox
    Blog: http://danpatrascu.com
    Twitter: @danpdc

  3. Agenda
    • Microservices: short overview
    • Why an API gateway?
    • Meet Ocelot!
    • Ocelot – basic concepts and configuration
    • Ocelot – working with Authorization

  4. Microservices – short overview

  5. Basic microservices architecture

  6. So why is the API
    gateway important?
    Unified entry point to the system
    • Clients can communicate more easily with the
    system
    • Certain policies can be centralized
    • Centrally enforced security
    • Responses can be aggregated
    • Centralized caching

  7. What should an API gateway do?
    • Proxying
    • Service discovery
    • Response aggregation
    • Header transformation
    • Load balancing
    • Authorization
    • Rate limiting

  8. Meet Ocelot!
    • Meets all mentioned
    requirements
    • Easy to configure
    • Can be extended with
    your own functionality

  9. Ocelot features
    • Request aggregation
    • Authentication/authorization
    • Header transformation
    • Rate limiting
    • Caching
    • Service discovery
    • Easy to integrate with Service Fabric and Kubernetes
    • Extensible (by middleware or delegating handlers)
    • …and many more

  10. Ocelot under the hood
    [Diagram with numbered steps 1–9. Labels: Request, API gateway, Middleware 1, Request builder middleware, New request, Service 1, Service 2, Service 3, Service 4, Response]

  11. The configuration
    Easy configuration:
    1. A ReRoutes array
    • The ReRoutes are the objects that tell
    Ocelot how to treat an upstream request
    2. A GlobalConfiguration object
    • Used to set the baseUrl or override
    ReRoute configurations if needed
    3. Config file should be called ocelot.json

  12. …but it gets messier

  13. …and messier
    {
      "DownstreamPathTemplate": "/",
      "UpstreamPathTemplate": "/",
      "UpstreamHttpMethod": [
        "Get"
      ],
      "AddHeadersToRequest": {},
      "AddClaimsToRequest": {},
      "RouteClaimsRequirement": {},
      "AddQueriesToRequest": {},
      "RequestIdKey": "",
      "FileCacheOptions": {
        "TtlSeconds": 0,
        "Region": ""
      },
      "ReRouteIsCaseSensitive": false,
      "ServiceName": "",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 51876
        }
      ],
      "QoSOptions": {
        "ExceptionsAllowedBeforeBreaking": 0,
        "DurationOfBreak": 0,
        "TimeoutValue": 0
      },
      "LoadBalancer": "",
      "RateLimitOptions": {
        "ClientWhitelist": [],
        "EnableRateLimiting": false,
        "Period": "",
        "PeriodTimespan": 0,
        "Limit": 0
      },
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "",
        "AllowedScopes": []
      },
      "HttpHandlerOptions": {
        "AllowAutoRedirect": true,
        "UseCookieContainer": true,
        "UseTracing": true
      },
      "DangerousAcceptAnyServerCertificateValidator": false
    }

  14. Ocelot routing

  15. Routing basics
    • Ocelot describes the routing of one request to
    another as a ReRoute
    • ReRoutes are defined in the configuration
    • The DownstreamPathTemplate,
    DownstreamScheme and
    DownstreamHostAndPorts define the URL that
    a request will be forwarded to
    • The UpstreamPathTemplate is the URL that
    Ocelot will use to identify which
    DownstreamPathTemplate to use for a given
    request
    • In Ocelot you can add placeholders for variables
    to your templates in the form of {something}
    • Both upstream and downstream paths should
    end with a trailing /

  16. Authentication / Authorization

  17. Features
    • Easy integration with Identity Server 4,
    Auth0 and Okta
    • When using JWT tokens, those can be
    used for a bunch of useful features like
    authorization based on claims, scopes,
    header transformation and many
    more
    • You can easily add your custom
    authentication or token validation
    systems
    • Each ReRoute needs to be configured
    to use the registered authentication /
    authorization options

  18. Header transformation
    • Custom headers can be added to
    each request before it is sent to
    the downstream service
    • Custom headers can be added to
    responses that will be sent to
    consumers
    • JWT token claims can be
    transformed into headers

  19. DEMO: Ocelot in action

  20. Resources
    • Ocelot docs: https://ocelot.readthedocs.io/en/latest/
    • Ocelot repo: https://github.com/ThreeMammals/Ocelot
    • My blog: http://danpatrascu.com

  22. Thank you!
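
Slide 17 notes that each ReRoute has to be configured to use the registered authentication options, so a route whose AuthenticationProviderKey is left empty is not authenticated at the gateway. The following is an added example (not code from the talk or from the Ocelot project) that audits an ocelot.json using only keys shown on slide 13; the sample routes, host names, the "Bearer" provider key and the finding names are constructed for illustration.

```python
import json

# Constructed sample in the ocelot.json shape from slide 13 (not from the talk).
SAMPLE = json.loads("""
{"ReRoutes": [
  {"UpstreamPathTemplate": "/orders/{id}/", "DownstreamScheme": "https",
   "DownstreamHostAndPorts": [{"Host": "orders.internal.example", "Port": 443}],
   "AuthenticationOptions": {"AuthenticationProviderKey": "Bearer",
                             "AllowedScopes": ["orders.read"]},
   "DangerousAcceptAnyServerCertificateValidator": false},
  {"UpstreamPathTemplate": "/admin/", "DownstreamScheme": "http",
   "DownstreamHostAndPorts": [{"Host": "admin.internal.example", "Port": 8080}],
   "AuthenticationOptions": {"AuthenticationProviderKey": "", "AllowedScopes": []}},
  {"UpstreamPathTemplate": "/reports/", "DownstreamScheme": "https",
   "DownstreamHostAndPorts": [{"Host": "reports.internal.example", "Port": 443}],
   "AuthenticationOptions": {"AuthenticationProviderKey": "Bearer", "AllowedScopes": []},
   "DangerousAcceptAnyServerCertificateValidator": true}
]}
""")

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_reroute(route):
    """Return finding codes (names are this example's own) for one ReRoute."""
    findings = []
    auth = route.get("AuthenticationOptions") or {}
    if not auth.get("AuthenticationProviderKey"):
        findings.append("no-auth")             # route is not tied to any auth scheme
    elif not auth.get("AllowedScopes"):
        findings.append("no-scope-check")      # authenticated, but no scope restriction
    if route.get("DangerousAcceptAnyServerCertificateValidator") is True:
        findings.append("tls-validation-off")  # downstream certificate is not verified
    hosts = {h.get("Host", "") for h in route.get("DownstreamHostAndPorts", [])}
    if route.get("DownstreamScheme", "").lower() == "http" and hosts - LOCAL_HOSTS:
        findings.append("cleartext-downstream")  # plain HTTP to a non-local host
    return findings

def audit_config(config):
    """Map each UpstreamPathTemplate to its findings; clean routes are omitted."""
    report = {}
    for route in config.get("ReRoutes", []):
        findings = audit_reroute(route)
        if findings:
            report[route.get("UpstreamPathTemplate", "<missing>")] = findings
    return report

if __name__ == "__main__":
    for path, findings in audit_config(SAMPLE).items():
        print(path, "->", ", ".join(findings))
```

Run against the slide 13 defaults, the check reports only the empty AuthenticationProviderKey, because that route's plain-HTTP downstream is localhost.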
