
How to Implement API Gateway Authentication #8749


Ehab@Siemat created
  • ABP Framework version: v9.1

  • UI Type: Angular

  • Database System: EF Core (SQL Server, PostgreSQL)

  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hello,

We are looking to implement authorization for an API Gateway. Specifically, I am interested in integrating YARP with ABP, with a focus on managing authentication.

Could you provide guidance on the best approach for integrating YARP with ABP to handle authentication, particularly for token-based systems such as JWT? I am also looking for best practices or sample code, particularly on how to securely add and use an AuthorizationPolicy (default, anonymous, custom policy, ...) in the context of an API Gateway.

Any documentation or sample code to assist with this process would be greatly appreciated.

Thanks


5 Answer(s)
  • EngincanV created
    Support Team .NET Developer

    Hi, if you have an existing microservice application and are using Ocelot, you can follow the Migrating API Gateway from Ocelot to YARP guide.

    Actually, even if you are not migrating from Ocelot to YARP, you can still read this documentation to see the migration steps.


    By the way, ABP's new microservice solution uses YARP as its default API gateway (https://abp.io/docs/latest/solution-templates/microservice/api-gateways#yarp-reverse-proxy). So, you can create a new microservice solution and see the integration points for an example.

    Regards.

  • Ehab@Siemat created

    We are using a new microservice solution with YARP.
    What I want to do exactly is add authentication and authorization on my gateway, so I added an AuthorizationPolicy on the route I want to secure (I want to configure the authorization policy by providing the AuthorizationPolicy value in the route configuration):

        "Routes": {
          "order": {
            "ClusterId": "order",
            "AuthorizationPolicy": "authenticated",
            "Match": { "Path": "/api/order/{**catch-all}" }
          }
        }

    and I also want to use a custom policy.

    I added

        app.UseAuthentication();
        app.UseAuthorization();

    and

        context.Services.AddAuthorization(options =>
        {
            options.AddPolicy("authenticated", policy => policy.RequireAuthenticatedUser());
        });

    but it raised an error related to authentication,
    and when I added

        context.Services.AddAuthentication("Bearer")
            .AddJwtBearer(options =>
            {
                options.Authority = "http://localhost:44349";
                options.RequireHttpsMetadata = false;
                options.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        var exception = context.Exception;
                        Console.WriteLine($"Authentication failed: {exception.Message}");
                        return Task.CompletedTask;
                    },
                    OnTokenValidated = context =>
                    {
                        var token = context.SecurityToken;
                        Console.WriteLine($"Token validated: {token}");
                        return Task.CompletedTask;
                    }
                };
            });

    it raised an error related to an invalid audience.

    Please, I want an example of the correct way to configure the authorization policy by providing the AuthorizationPolicy value in the route configuration.
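The following is an added example (editor's code, not from the thread and not the ABP microservice template's own gateway code) of a complete YARP gateway Program.cs that wires JWT bearer authentication to named policies referenced from the route configuration. Everything concrete in it is an assumption for illustration: the auth server address https://localhost:44349 (the post used http), the audience name "ApiGateway" that the auth server is assumed to write into the token's aud claim, the claim names "role" and "preferred_username", and the cluster addresses and paths. The route configuration is inlined as a JSON string only so the file runs on its own; in a real gateway it belongs in appsettings.json.

```csharp
// YARP gateway: JWT bearer authentication + named authorization policies used from route config.
// Added example; not the ABP template's code. All addresses, names and claim types are assumptions.
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Constructed route config (assumed paths, cluster names and ports). Inlined so the example is
// self-contained; normally this is the "ReverseProxy" section of appsettings.json.
const string routeConfig = """
{
  "ReverseProxy": {
    "Routes": {
      "order-admin": {
        "ClusterId": "order",
        "Order": -1,
        "AuthorizationPolicy": "admin-only",
        "Match": { "Path": "/api/order/admin/{**catch-all}" }
      },
      "order": {
        "ClusterId": "order",
        "AuthorizationPolicy": "authenticated",
        "Match": { "Path": "/api/order/{**catch-all}" }
      },
      "catalog-public": {
        "ClusterId": "catalog",
        "AuthorizationPolicy": "anonymous",
        "Match": { "Path": "/api/catalog/{**catch-all}" }
      }
    },
    "Clusters": {
      "order":   { "Destinations": { "d1": { "Address": "https://localhost:44350/" } } },
      "catalog": { "Destinations": { "d1": { "Address": "https://localhost:44351/" } } }
    }
  }
}
""";
builder.Configuration.AddJsonStream(new MemoryStream(Encoding.UTF8.GetBytes(routeConfig)));

// Assumed values: the ABP auth server and the audience it puts into the token's "aud" claim
// for this gateway (check the API resource / scope name configured on your auth server).
var authority = builder.Configuration["AuthServer:Authority"] ?? "https://localhost:44349";
var audience = builder.Configuration["AuthServer:Audience"] ?? "ApiGateway";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = authority;
        // Keep audience validation on. ValidateAudience = false makes the gateway accept any token
        // the auth server ever issued for any other resource or client; set the expected audience.
        options.Audience = audience;
        // Plain-HTTP discovery is only acceptable against a local development auth server.
        options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
        // ABP/OpenIddict tokens carry roles in a "role" claim (assumption). Disable the legacy
        // inbound claim-type renaming and name the role claim explicitly, otherwise RequireRole()
        // can look in a claim type the token does not contain and answer 403.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,      // issuer is taken from the Authority's discovery document
            ValidateAudience = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),
            NameClaimType = "preferred_username",
            RoleClaimType = "role",
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Referenced from route config as "AuthorizationPolicy": "authenticated".
    options.AddPolicy("authenticated", p => p.RequireAuthenticatedUser());
    // Custom policy. Role values are compared ordinally, so a token role "admin" does not satisfy "Admin".
    options.AddPolicy("admin-only", p => p.RequireAuthenticatedUser().RequireRole("Admin"));
    // Routes that set no AuthorizationPolicy carry no authorize metadata, so ASP.NET Core applies the
    // FallbackPolicy to them. Requiring an authenticated user here makes a route that forgot the
    // setting fail closed; "anonymous" routes opt out of it explicitly.
    options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
});

builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();   // must run after UseAuthentication and before MapReverseProxy
app.MapReverseProxy();
app.Run();
```

The built-in AuthorizationPolicy values on a YARP route are "default" (the registered default policy, which is "authenticated user" unless changed) and "anonymous" (bypasses any policy, including the fallback); any other value must match a policy name registered in AddAuthorization, and a typo in that name surfaces as a startup or request-time error rather than as an open route. The "Order": -1 on the more specific admin route makes YARP consider it before the broader order route.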

  • Ehab@Siemat created

    I fixed the error by adding

        ValidateAudience = false

    and now policy.RequireAuthenticatedUser(); is working fine,

    but when I used

        policy.RequireRole("Admin");

    I get a 403 error.

    Please advise.

  • EngincanV created
    Support Team .NET Developer

    I fixed the error by adding

        ValidateAudience = false

    and now policy.RequireAuthenticatedUser(); is working fine,

    but when I used

        policy.RequireRole("Admin");

    I get a 403 error.

    Please advise.

    Hi, I'm currently testing, I will write you back asap.

    Regards.

  • EngincanV created
    Support Team .NET Developer

    I fixed the error by adding

        ValidateAudience = false

    and now policy.RequireAuthenticatedUser(); is working fine,

    but when I used

        policy.RequireRole("Admin");

    I get a 403 error.

    Please advise.

    Hi, I tried with the exact code that you shared and it worked smoothly. By any chance, is there a typo or a case-sensitivity issue in your Admin role?
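To make the two usual causes of a RequireRole("Admin") 403 visible without a running gateway, here is an added diagnostic (editor's code, not from the thread) that rebuilds the ClaimsPrincipal the authorization handler would see from a constructed set of token claims and asks it IsInRole, which is what RequireRole does underneath. The claim names ("role", "preferred_username") are assumed to be what the ABP auth server issues; the subject and role values are made up for the sample.

```csharp
// Diagnostic for a RequireRole() 403: which claim type is treated as the role claim, and does
// the role value match exactly? Added example; the token claims below are a constructed sample.
using System.Security.Claims;

static class RoleCheck
{
    // Claims as an ABP/OpenIddict access token is assumed to carry them (constructed values).
    static readonly Claim[] TokenClaims =
    {
        new("sub", "7f6c2d2e-1b7a-4e7a-9c3b-0d1e2f3a4b5c"),
        new("preferred_username", "admin"),
        new("role", "admin"),
        new("scope", "OrderService"),
    };

    // roleClaimType plays the part of TokenValidationParameters.RoleClaimType: the claim type that
    // ClaimsPrincipal.IsInRole, and therefore RequireRole(), reads. The value comparison inside
    // IsInRole is ordinal, so "admin" in the token never satisfies RequireRole("Admin").
    public static bool RoleCheckPasses(string roleClaimType, string requiredRole)
    {
        var identity = new ClaimsIdentity(TokenClaims, "Bearer", "preferred_username", roleClaimType);
        return new ClaimsPrincipal(identity).IsInRole(requiredRole);
    }

    static void Main()
    {
        // Role claim type left at the .NET default (ClaimTypes.Role, a long URI): the token's
        // short "role" claim is never consulted, so the check fails even for the right value.
        Console.WriteLine(RoleCheckPasses(ClaimTypes.Role, "admin"));
        // Right claim type, wrong case: fails because the comparison is case-sensitive.
        Console.WriteLine(RoleCheckPasses("role", "Admin"));
        // Right claim type and exact value: passes.
        Console.WriteLine(RoleCheckPasses("role", "admin"));
    }
}
```

Run against a real token, the same two questions apply: set RoleClaimType on the gateway's TokenValidationParameters to the claim name the auth server actually emits, and make sure the role name in RequireRole() matches the token value character for character. A JwtBearerEvents.OnTokenValidated handler that logs context.Principal's claim types and values, as in the post's own configuration, is the quickest way to see both.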

Made with ❤️ on ABP v9.2.0-preview. Updated on March 13, 2025, 04:08