Ocelot gateway support multiple claims in RouteClaimsRequirement

At the moment our config on .NET Core looks like this: "RouteClaimsRequirement": { "Claim": "settings_read" },

Is it possible to add more claims, like below? "RouteClaimsRequirement": { "Claim": "settings_read,settings_admin" },

Otherwise people with admin permissions would end up getting a 403 error.



Solution 1:[1]

We're dealing with the same issue currently. After a thorough investigation, we landed on a set of possible approaches. Whichever suits your stomach, it's up to you to decide.

The properly proper approach is to implement API scopes on the client that connects to your system. Depending on the flavor of your security (we're using IdS4), this may make a lot of sense or none at all.

The semi-proper approach is to horse around implementing custom middleware in Ocelot, moving the control logic to C# from the config YAML.

The less proper approach is to set up a bunch of sections in the YAML file, one for each endpoint, verb, path etc., each dealing with its own (single) claim value. This solution sucks, scales poorly and I hope that it actually fails either way.

We're currently discussing which of the first two approaches is the most appropriate.
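
The check a custom authorization step would need, as an added example that is not part of the original answer and is not Ocelot's own code: each requirement value is read as a comma-separated list, any one listed value satisfies a claim type, and every claim type must be satisfied. The class name `MultiValueClaimsCheck`, the method `IsAuthorized` and the sample principals are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper (not an Ocelot type). A requirement value such as
// "settings_read,settings_admin" means: the caller needs ANY of these values
// for that claim type, and must satisfy EVERY claim type in the dictionary.
public static class MultiValueClaimsCheck
{
    public static bool IsAuthorized(ClaimsPrincipal user,
                                    IReadOnlyDictionary<string, string> requirement)
    {
        if (requirement == null || requirement.Count == 0)
            return true;                 // route declares no claim requirement
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;                // fail closed for anonymous callers

        foreach (var (claimType, rawValues) in requirement)
        {
            var allowed = (rawValues ?? string.Empty)
                .Split(',', StringSplitOptions.RemoveEmptyEntries)
                .Select(v => v.Trim())
                .Where(v => v.Length > 0)
                .ToHashSet(StringComparer.Ordinal);
            // An entry with no usable values is a config mistake: deny, never allow.
            if (allowed.Count == 0) return false;

            bool hasOne = user.Claims.Any(c =>
                c.Type == claimType && allowed.Contains(c.Value));
            if (!hasOne) return false;
        }
        return true;
    }

    public static void Main()
    {
        // Constructed sample data mirroring the route config in the question.
        var route = new Dictionary<string, string> { ["Claim"] = "settings_read, settings_admin" };
        var admin = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("Claim", "settings_admin") }, "Bearer"));
        var other = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("Claim", "settings_write") }, "Bearer"));
        Console.WriteLine(IsAuthorized(admin, route));
        Console.WriteLine(IsAuthorized(other, route));
    }
}
```

A check like this would be called from the `AuthorizationMiddleware` delegate of Ocelot's `OcelotPipelineConfiguration`, returning 403 when it fails; the delegate's signature differs between Ocelot versions, so the wiring is left out here.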

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Konrad Viltersten