Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hold the door! Powerful API gateways with Ocelo...

Avatar for Dan Patrascu-Baba Dan Patrascu-Baba
June 08, 2019
0
400

Hold the door! Powerful API gateways with Ocelot and ASP.Net Core

API gateways are a vital part of a microservices / service oriented architecture. An API gateway should be able to perform a lot of very important tasks like proxying requests, header transformation, service discovery, authorization and many more. If you need an API gateway for your project you're lucky! You don't need to build everything by yourself. Meet the Ocelot API gateway library! In this presentation you'll find basic information on how to configure Ocelot, how routing works and how you can leverage the gateway as a central point to enforce authentication / authorization
Avatar for Dan Patrascu-Baba

Dan Patrascu-Baba

June 08, 2019
Tweet

Featured

See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
47
5.3k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
3.7k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
78
6.3k
Docker and Python
Avatar for Tania Allard trallard
44
3.4k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
22
3.4k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
29
5.7k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
137
6.9k

Transcript

  1. Hold the door! Powerful API gateways with Ocelot and ASP.Net

    Core

  2. Dan Patrascu-Baba BIO: Software developer @Amdaris, Founder @Codewrinkles, Co-organizer @ApexVox

    Blog: http://danpatrascu.com Twitter: @danpdc

  3. Agenda • Microservices: short overview • Why an API gateway?

    • Meet Ocelot! • Ocelot – basic concepts and configuration • Ocelot – working with Authorization

  4. Microservices – short overview

  5. Basic microservices architecture

  6. So why is the API gateway important? Unified entry point

    to the system • Clients can communicate easier with the system • Certain policies can be centralized • Centrally enforced security • Responses can be aggregated • Centralized caching

  7. What should an API gateway do? • Proxying • Service

    discovery • Response aggregation • Header transformation • Load balancing • Authorization • Rate limiting

  8. Meet Ocelot! • Meets all mentioned requirements • Easy to

    configure • Can be extended with own functionality

  9. Ocelot features • Request aggregation • Authentication/authorization • Header transformation

    • Rate limiting • Caching • Service discovery • Easy to integrate with Service Fabric and Kubernetes • Extensible (by middleware or delegating handlers) • …and many more

  10. Ocelot under the hood Request API gateway Middleware 1 Request

    builder middleware Service 1 Service 2 Service 3 Service 4 New request Response 1 2 3 4 5 6 7 8 9

  11. The configuration Easy configuration: 1. A ReRoutes array • The

    ReRoutes are the objects that tell Ocelot how to treat an upstream request 2. A GlobalConfiguration object • Used to set the baseUrl or override ReRoute configurations if needed 3. Config file should be called ocelot.json

  12. …but it gets messier

  13. …and messier { "DownstreamPathTemplate": "/", "UpstreamPathTemplate": "/", "UpstreamHttpMethod": [ "Get"

    ], "AddHeadersToRequest": {}, "AddClaimsToRequest": {}, "RouteClaimsRequirement": {}, "AddQueriesToRequest": {}, "RequestIdKey": "", "FileCacheOptions": { "TtlSeconds": 0, "Region": "" }, DangerousAcceptAnyServerCertifica teValidator": false } "ReRouteIsCaseSensitive": false, "ServiceName": "", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "localhost", "Port": 51876, } ], "QoSOptions": { "ExceptionsAllowedBeforeBreaking": 0, "DurationOfBreak": 0, "TimeoutValue": 0 }, "LoadBalancer": "", "RateLimitOptions": { "ClientWhitelist": [], "EnableRateLimiting": false, "Period": "", "PeriodTimespan": 0, "Limit": 0 }, "AuthenticationOptions": { "AuthenticationProviderKey": "", "AllowedScopes": [] }, "HttpHandlerOptions": { "AllowAutoRedirect": true, "UseCookieContainer": true, "UseTracing": true }, "

  14. Ocelot routing

  15. Routing basics • Ocelot describes the routing of one request

    to another as a ReRoute • ReRoutes are defined in the configuration • The DownstreamPathTemplate, DownstreamScheme and DownstreamHostAndPorts define the URL that a request will be forwarded to • The UpstreamPathTemplate is the URL that Ocelot will use to identify which DownstreamPathTemplate to use for a given request • Ocelot you can add placeholders for variables to your Templates in the form of {something} • Both UpStream and Downstream paths should end with a trailing /

  16. Authentication / Authorization

  17. Features • Easy integration with Identity Server 4, Auth0 and

    Okta • When using JWT tokens, those can be used for a bunch of useful features like authorization based on claims, scopes, header transformation and many more • You can easily add your custom authentication or token validation systems • Each ReRoute needs to be configured to use the registered authentication / authorization options

  18. Header transformation • Custom headers can be added to each

    request before it is sent to the downstream service • Custom headers can be added to responses that will be sent to consumers • JWT token claims can be transformed into headers

  19. DEMO: Ocelot in action

  20. Resources • Ocelot docs: https://ocelot.readthedocs.io/en/latest/ • Ocelot repo: https://github.com/ThreeMammals/Ocelot •

    My blog: http://danpatrascu.com
  21. None

  22. Thank you!