A practice project on how to secure microservices with using standalone Identity Server 4 and backing with Ocelot API Gateway.
First of all, i developed Movies.API and protect this API resources with IdentityServer4 OAuth 2.0 implementation. Generated JWT Token with client_credentials from IdentityServer4 and will use this token for securing Movies.API protected resources.
After that, i developed Movies.Client MVC project for Interactive Client of our application. This Interactive Movies.Client application will be secured with OpenID Connect in IdentityServer4. Our client application pass credentials with logging to an Identity Server and receive back a JSON Web Token (JWT).
Also, i developed centralized standalone Authentication Server and Identity Provider with implementing IdentityServer4. Identity Server4 is an open source framework which implements OpenId Connect and OAuth2 protocols for .NET Core. With Identity Server, we can provide authentication and access control for our web applications or Web APIs from a single point between applications or on a user basis.
Lastly, i developed an Ocelot API Gateway and make secure protected API resources over the Ocelot API Gateway with transferring JWTs. Once the client has a bearer token it will call the API endpoint which is fronted by Ocelot. Ocelot is working as a reverse proxy in here.
After Ocelot reroutes the request to the internal API, it will present the token to Identity Server in the authorization pipeline. If the client is authorized the request will be processed and a list of movies will be sent back to the client.
- .NET 8.0
git clone https://github.com/enesmetek/secure-microservices-with-identityserver4.git cd .\secure-microservices-with-identityserver4 dotnet build SecureMicroservices.sln dotnet run SecureMicroservices.sln GET /api/movies GET /api/movies/{id} POST /api/movies PUT /api/movies/{id} DELETE /api/movies/{id}