ThreeMammals / Ocelot

.NET API Gateway

Home Page:https://www.nuget.org/packages/Ocelot


Receiving 401 depending on the order of my API Route, when calling APIs through Ocelot API Gateway

JordanOakTyres opened this issue

Problem:
I am trying to use one of my APIs from my Ocelot API Gateway, but each time I try to run the API through the Gateway I receive a 401 error code. The Ocelot route for the API is configured without the AuthenticationOptions object, as I don't want this API to be validated by a JWT Bearer token, like my other APIs.

Additional information relating to the issue: I have 5 APIs in my ocelot.json file (please see below), 4 of which don't have the AuthenticationOptions object, but when I try to test my SignUp API, I receive a 401 error code. When I try again, but this time switch its place with the UserLogin API, the route order then goes SignUp and then UserLogin.

The SignUp API now works (200 status code) and the UserLogin API (which worked previously) now results in the 401 error code.

My ocelot.json file:

{
  "Routes": [
    {
      //ForgotPassword Controller
      "UpstreamPathTemplate": "/api/Test/SendResetPasswordEmail",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamHostAndPorts": [
        {
          "Host": "**My_Host**",
          "Port": 443
        }
      ],
      "DownstreamScheme": "https",
      "DownstreamPathTemplate": "/api/Test/SendResetPasswordEmail"
    },
    {
      "UpstreamPathTemplate": "/api/Test/Oak8Login",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamHostAndPorts": [
        {
          "Host": "**My_Host**",
          "Port": 443
        }
      ],
      "DownstreamScheme": "https",
      "DownstreamPathTemplate": "/api/Test/Oak8Login"
    },
    {
      "UpstreamPathTemplate": "/api/Test/UserLogin",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamHostAndPorts": [
        {
          "Host": "**My_Host**",
          "Port": 443
        }
      ],
      "DownstreamScheme": "https",
      "DownstreamPathTemplate": "/api/Test/UserLogin"
    },
    {
      //SignUp Controller
      "UpstreamPathTemplate": "/api/Test/SignUp",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamHostAndPorts": [
        {
          "Host": "**My_Host**",
          "Port": 443
        }
      ],
      "DownstreamScheme": "https",
      "DownstreamPathTemplate": "/api/Test/SignUp"
    },
    {
      //Login Controller
      "UpstreamPathTemplate": "/api/Test/UserLogout",
      "UpstreamHttpMethod": [ "Post" ],
      "DownstreamHostAndPorts": [
        {
          "Host": "**My_Host**",
          "Port": 443
        }
      ],
      "DownstreamScheme": "https",
      "DownstreamPathTemplate": "/api/Test/UserLogout",
      "AuthenticationOptions": {
        "AuthenticationProviderKeys": [ "MyKey" ],
        "AllowedScopes": []
      }
    }
  ],
  "GlobalConfiguration": {
    "BaseUrl": "**My_URL**"
  }
}

My program.cs file:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Ocelot.DependencyInjection;
using Ocelot.Middleware;
using System.Diagnostics;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var authenticationProviderKey = "MyKey";
var configurationBuilder = new ConfigurationBuilder();

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(authenticationProviderKey, options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "**My_Issuer**",
            ValidAudience = "**My_Audience**",
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("**My_Secret_Key**"))
        };
    });

configurationBuilder.AddJsonFile("ocelot.json", optional: false, reloadOnChange: true);

var configuration = configurationBuilder.Build();
builder.Services.AddOcelot(configuration);

var app = builder.Build();

// Configure the HTTP request pipeline.
app.UseSwagger();
app.UseSwaggerUI();

app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.UseOcelot().Wait();

app.Run();

Expected behaviour:
I would expect the 4 APIs without the AuthenticationOptions object set in the API route to never receive a 401, while the 1 API with the AuthenticationOptions object should fail if no token is attached or the token is invalid.

Please help.

Specifications:

  • Version: 23.2.2 (Nuget package)
  • Platform: Visual Studio
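
The following is an added example, not code from the issue or from the Ocelot project: it reads an ocelot.json (including `//` comments), derives which upstream routes the file marks as anonymous or protected, and flags routes whose status code for a token-less request contradicts that. The function names, the `gateway.example` URL and the observed status codes are assumptions constructed from the behaviour described in the post.

```python
import json

# Constructed sample shaped like two routes from the issue; the URL is a placeholder.
SAMPLE = """{
  "Routes": [
    { //SignUp Controller
      "UpstreamPathTemplate": "/api/Test/SignUp",
      "UpstreamHttpMethod": [ "Post" ] },
    { "UpstreamPathTemplate": "/api/Test/UserLogout",
      "UpstreamHttpMethod": [ "Post" ],
      "AuthenticationOptions": { "AuthenticationProviderKeys": [ "MyKey" ] } }
  ],
  "GlobalConfiguration": { "BaseUrl": "https://gateway.example" }
}"""

def strip_line_comments(text):
    """Drop // comments but keep // that sits inside a JSON string (URLs)."""
    out, in_str, i = [], False, 0
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":                    # copy the escape pair untouched
                c = text[i:i + 2]
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif text.startswith("//", i):       # comment: skip to end of line
            i = text.find("\n", i)
            if i < 0:
                break
            continue
        out.append(c)
        i += len(c)
    return "".join(out)

def expected_auth(config_text):
    """(METHOD, upstream path) -> provider keys required; [] means anonymous."""
    table = {}
    for route in json.loads(strip_line_comments(config_text))["Routes"]:
        opts = route.get("AuthenticationOptions") or {}
        keys = list(opts.get("AuthenticationProviderKeys") or [])
        for method in route.get("UpstreamHttpMethod") or ["*"]:
            table[(method.upper(), route["UpstreamPathTemplate"])] = keys
    return table

def mismatches(expected, tokenless_status):
    """Routes whose status for a token-less request contradicts the config."""
    return [(k, s) for k, s in tokenless_status.items() if bool(expected[k]) != (s == 401)]
```

A 401 on a route the file marks as anonymous can also come from the downstream service itself, so check a flagged route against the downstream directly before attributing it to the gateway.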