CODEWITHSUNDEEP
identityserver4api-gatewayocelot
Shubham Goel
Shubham Goel

Reputation: 71

Ocelot Identity Server: message: Request for authenticated route {api-path} by was unauthenticated

I am getting the following error in a docker container. I am trying to create api gateway using ocelot and authentication by identity server.

message: Client has NOT been authenticated for {api-path} and pipeline error set. Request for authenticated route {api-path} by  was unauthenticated
Error Code: UnauthenticatedError Message: Request for authenticated route {api-path} by  was unauthenticated errors found in ResponderMiddleware. Setting error response for request path:{api-path}, request method: GET

I can see that the client name is empty there but not sure why it is happening.

Below is the code in my api gateway

                IdentityModelEventSource.ShowPII = true;

                var authenticationProviderKey = "IdentityApiKey";

                services.AddAuthentication().AddJwtBearer(authenticationProviderKey, x =>
                {
                    x.Authority = "http://identityserver";
                    x.RequireHttpsMetadata = false;
                    x.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false
                    };
                });

Ocelot-config.json //added the authentication parameters

"AuthenticationOptions": {
    "AuthenticationProviderKey": "IdentityApiKey",
    "AllowedScopes": [ "AdminService" ]
  },

Code in my microservice

public void ConfigureServices(IServiceCollection services)
    {
            services.AddAuthentication("Bearer").AddJwtBearer("Bearer", options =>
            {
                options.Authority = "http://identityserver";
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false
                };
            });
     ........
 }
 
 public void Configure(...)
 {
      ....
      app.UseAuthentication();
      app.UseAuthorization();
      ....
 }

My IdentityConfig in identity server

public class IdentityConfig
{
    public static IEnumerable<Client> Clients => new Client[]
    {
        new Client
        {
            ClientId = "Consumer_01",
            ClientName = "Consumer_01",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Consumer01".Sha256()) },
            AllowedScopes = new List<String> { "consumerservice" }
        },
        new Client
        {
            ClientId = "Consumer_02",
            ClientName = "Consumer_02",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Consumer02".Sha256()) },
            AllowedScopes = new List<String> { "consumerservice" }
        },
        new Client
        {
            ClientId = "Provider_01",
            ClientName = "Provider_01",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Provider01".Sha256()) },
            AllowedScopes = new List<String> { "providerservice" }
        },
        new Client
        {
            ClientId = "Provider_02",
            ClientName = "Provider_02",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Provider02".Sha256()) },
            AllowedScopes = new List<String> { "providerservice" }
        },
        new Client
        {
            ClientId = "Provider_03",
            ClientName = "Provider_03",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Provider03".Sha256()) },
            AllowedScopes = new List<String> { "providerservice" }
        },
        new Client
        {
            ClientId = "Provider_04",
            ClientName = "Provider_04",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Provider04".Sha256()) },
            AllowedScopes = new List<String> { "providerservice" }
        },
        new Client
        {
            ClientId = "Admin_01",
            ClientName = "Admin_01",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = new List<Secret> { new Secret("Admin01".Sha256()) },
            AllowedScopes = new List<String> { "AdminService" }
        }
    };

    public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
    {
         new ApiScope("consumerservice", "Consumer Service"),
         new ApiScope("providerservice", "Provider Service"),
         new ApiScope("AdminService", "AdminService")
    };

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
            new IdentityResource
            {
                Name = "admin",
                UserClaims = new List<string> {"admin"}
            }
        };
    }

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new[]
        {
            new ApiResource
            {

            }
        };
    }

    public static List<TestUser> TestUsers()
    {
        return new List<TestUser> {
            new TestUser {

            }
        };
    }
}

IdentityServer startup

public void ConfigureServices(IServiceCollection services)
        {
            IdentityModelEventSource.ShowPII = true;

            services.AddIdentityServer()
                     .AddInMemoryClients(IdentityConfig.Clients)
                     .AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
                     .AddInMemoryApiResources(IdentityConfig.GetApiResources())
                     .AddInMemoryApiScopes(IdentityConfig.ApiScopes)
                     .AddTestUsers(IdentityConfig.TestUsers())
                     .AddDeveloperSigningCredential();
        }

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            app.UseIdentityServer();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }

I have tried many things but nothing seems to be worked. I only get 401 error.

Not sure if I was clear, but if you have anything, please help. Thank You.

Upvotes: 2

Views: 2919

Answers (3)

Germanhlg
Germanhlg

Reputation: 1

In my case I solve the error removing the nuget package Microsoft.IdentityModel.Tokens. Hope you can find this useful

Upvotes: -1

Mohammad Alomar
Mohammad Alomar

Reputation: 11

add ValidateIssuer = false to TokenValidationParameters and it will worke fine

Upvotes: 1

MoBe
MoBe

Reputation: 81

I had the same error, and my code has the same structure.

I was rerouting from http (ocelot url) when the solution I guess, to me at least, was to reroute from https.

Example: https://localhost:5001/rerouteDestination

Hope it would solve someone else's problem

Upvotes: 0

Related Questions