Hello everybody. The world is struggling with the Covid 19 and the coronavirus is increasing day by day. I just want to say "Do not go anywhere stay at home and protect yourself".
So I have been working from home since March. Since I am always at home, I try to spend my time very efficiently. These days, I make more time to read and write code. This is my first post on this website so and I'm excited. I want to share my experience. In this post, I'm going to explain how to implement Ocelot on .Net Core Web API.
What is API Gateway?
An API Gateway is basically an interface. The API Gateway receives are calls and redirects to services.
What is Ocelot?
Ocelot is an API Gateway for the .Net Platform. Ocelot’s primary functionality is to take incoming HTTP requests and forward them to a downstream service I use for the microservice project. Here is the official page Ocelot https://ocelot.readthedocs.io/
Ocelot is a very powerful framework and here are the Ocelot features.
- Routing
- WebSockets
- Authentication
- Authorization
- Rate Limiting
- Caching
- Retry policies/QoS
- Load Balancing
- Logging/Tracing/Correlation etc.. For more feature lists you should visit the official website.
I designed a new microservice project with .Net Core 5.0. If you ask why did you prefer the newest framework? Only one reason. The reason is Swagger installed by default. At the bottom of the picture, I draw my project design.
Firstly I created a Visual Studio blank application. This application includes 3 different projects in the blank application. Here is the folder structure.
If you develop with visual studio code you should visit Dotnet commands from Commands
Now I'm gonna explain how to configure Ocelot with the .Net Core project. Here is the hero :) NuGet package is Ocelot.
Install the NuGet package on the API Gateway project then create a new JSON file and called ocelot.json here is the configuration.
{
"Routes": [
{
"DownstreamPathTemplate": "/api/catalog",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 7001
}
],
"UpstreamPathTemplate": "/catalog-service/catalog"
},
{
"DownstreamPathTemplate": "/api/customer",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 7002
}
],
"UpstreamPathTemplate": "/customer-service/customer",
"RateLimitOptions": {
"ClientWhitelist": [],
"EnableRateLimiting": true,
"Period": "1s",
"PeriodTimespan": 1,
"Limit": 1
}
},
{
"DownstreamPathTemplate": "/api/customer/{id}",
"DownstreamScheme": "http",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 7002
}
],
"UpstreamPathTemplate": "/customer-service/customer/{id}"
}
],
"GlobalConfiguration": {
"BaseUrl": "http://localhost:7000"
}
}
I defined the default port in Program.cs every project.
- API Gateway runs on http://localhost:7000
- Catalog API runs on http://localhost:7001
- Customer API runs on http://localhost:7002
Configure the Startup file.
Every first request coming to UpstreamPathTemplate after that goes to DownstreamPathTemplate. After all the configurations start all projects without debugging mode and open the Postman application.
CatalogController.cs
UpstreamPathTemplate is /customer-service/customer
DownstreamPathTemplate is /api/customer
If you request with a {id} parameter
UpstreamPathTemplate is /customer-service/customer/{id}
DownstreamPathTemplate is /api/customer/{id}
Another important feature is Rate Limiting. Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe – for instance, trying to log in to an account. Rate limiting can help stop certain kinds of malicious bot activity. It can also reduce strain on web servers. However, rate limiting is not a complete solution for managing bot activity. Cloudflare
"RateLimitOptions": {
"ClientWhitelist": [],
"EnableRateLimiting": true,
"Period": "1s",
"PeriodTimespan": 1,
"Limit": 1
}
I configure the /customer-service/customer endpoint. If you request in 1s multiple times I'll not reach the endpoint.
Thank you for your time :) 👋🏻
Source Code: Github
Reference:
Header Image
Top comments (8)
Hey,
This is a great stuff!
Do you have another version using Ocelot with .NET 5 that can support a custom Identity Api (Web Api with asp.net core identity) for authentication?
Looking forward with Authentication support version.
Hi, I found it for you. But you can use Nginx with docker. ocelot.readthedocs.io/en/latest/fe...
I've been using ocelot with a hobby project and so far its working pretty well (connected to 4 microservices) - originally using azure APIM but the consumption plan and start up cost was too much and the next level up just wasnt cost effective for a personal project *I do believe that once I'm ready to go to production I may switch to APIM though
Hi,
Using OCELOT, I would like to know if it's possible to send a request to a web api that know only windows authentication.
I have differents webapi applications: some that works in anonymous (so using token from ocelot is ok) and some that works with windows authentication (so I cant use the JWT).
IS Ocelot can work with only JWT or also with windows authentication ?
If yes, how to do that ?
Thanks a lot,
Aby
Interesting stuff. I've been looking for an alternative to Azure APIM for my personal projects and this might be it.
Nice Article!. Can we able to include Service Discovery (Consul) here?.
I think we can cover it.
This is a great stuff!
Do you have another version using Ocelot with .NET 5 that can support JwtBearer for authentication?