Hold the door! Powerful API gateways with Ocelot and ASP.Net Core 

Dan Patrascu-Baba BIO: Software developer @Amdaris, Founder @Codewrinkles, Co-organizer @ApexVox Blog: http://danpatrascu.com Twitter: @danpdc 

Agenda • Microservices: short overview • Why an API gateway? • Meet Ocelot! • Ocelot – basic concepts and configuration • Ocelot – working with Authorization 

Microservices – short overview 

Basic microservices architecture 

So why is the API gateway important? Unified entry point to the system • Clients can communicate easier with the system • Certain policies can be centralized • Centrally enforced security • Responses can be aggregated • Centralized caching 

What should an API gateway do? • Proxying • Service discovery • Response aggregation • Header transformation • Load balancing • Authorization • Rate limiting 

Meet Ocelot! • Meets all mentioned requirements • Easy to configure • Can be extended with own functionality 

Ocelot features • Request aggregation • Authentication/authorization • Header transformation • Rate limiting • Caching • Service discovery • Easy to integrate with Service Fabric and Kubernetes • Extensible (by middleware or delegating handlers) • …and many more 

Ocelot under the hood Request API gateway Middleware 1 Request builder middleware Service 1 Service 2 Service 3 Service 4 New request Response 1 2 3 4 5 6 7 8 9 

The configuration Easy configuration: 1. A ReRoutes array • The ReRoutes are the objects that tell Ocelot how to treat an upstream request 2. A GlobalConfiguration object • Used to set the baseUrl or override ReRoute configurations if needed 3. Config file should be called ocelot.json 

…but it gets messier 

…and messier { "DownstreamPathTemplate": "/", "UpstreamPathTemplate": "/", "UpstreamHttpMethod": [ "Get" ], "AddHeadersToRequest": {}, "AddClaimsToRequest": {}, "RouteClaimsRequirement": {}, "AddQueriesToRequest": {}, "RequestIdKey": "", "FileCacheOptions": { "TtlSeconds": 0, "Region": "" }, DangerousAcceptAnyServerCertifica teValidator": false } "ReRouteIsCaseSensitive": false, "ServiceName": "", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "localhost", "Port": 51876, } ], "QoSOptions": { "ExceptionsAllowedBeforeBreaking": 0, "DurationOfBreak": 0, "TimeoutValue": 0 }, "LoadBalancer": "", "RateLimitOptions": { "ClientWhitelist": [], "EnableRateLimiting": false, "Period": "", "PeriodTimespan": 0, "Limit": 0 }, "AuthenticationOptions": { "AuthenticationProviderKey": "", "AllowedScopes": [] }, "HttpHandlerOptions": { "AllowAutoRedirect": true, "UseCookieContainer": true, "UseTracing": true }, " 

Ocelot routing 

Routing basics • Ocelot describes the routing of one request to another as a ReRoute • ReRoutes are defined in the configuration • The DownstreamPathTemplate, DownstreamScheme and DownstreamHostAndPorts define the URL that a request will be forwarded to • The UpstreamPathTemplate is the URL that Ocelot will use to identify which DownstreamPathTemplate to use for a given request • Ocelot you can add placeholders for variables to your Templates in the form of {something} • Both UpStream and Downstream paths should end with a trailing / 

Authentication / Authorization 

Features • Easy integration with Identity Server 4, Auth0 and Okta • When using JWT tokens, those can be used for a bunch of useful features like authorization based on claims, scopes, header transformation and many more • You can easily add your custom authentication or token validation systems • Each ReRoute needs to be configured to use the registered authentication / authorization options 

Header transformation • Custom headers can be added to each request before it is sent to the downstream service • Custom headers can be added to responses that will be sent to consumers • JWT token claims can be transformed into headers 

DEMO: Ocelot in action 

Resources • Ocelot docs: https://ocelot.readthedocs.io/en/latest/ • Ocelot repo: https://github.com/ThreeMammals/Ocelot • My blog: http://danpatrascu.com 

No content

Thank you!