Implementing API Gateway Authentication With YARP + .NET 8

Поделиться
HTML-код
  • Опубликовано: 4 дек 2024

Комментарии • 63

  • @MilanJovanovicTech
    @MilanJovanovicTech  4 месяца назад +1

    Get the source code for this video for FREE → the-dotnet-weekly.ck.page/gateway-auth
    Want to master Clean Architecture? Go here: bit.ly/3PupkOJ
    Want to unlock Modular Monoliths? Go here: bit.ly/3SXlzSt

  • @Ebrahem-outlook
    @Ebrahem-outlook 4 месяца назад +6

    Milon, I thank you very much because you provide the source code for free. I have never seen anyone do that. You are a dedicated person who loves others, and this reflects the love of others for you. Thank you, Milon, for all this hard work.

  • @dotnetMasterCSharp
    @dotnetMasterCSharp 4 месяца назад +3

    This is awesome and useful content for devs!

  • @MB-Kajtech
    @MB-Kajtech 4 месяца назад +6

    Nice one, haven't actually had the change to look at YARP much due to NGINX and AGIC, with our apps being monolithic in nature.
    Have you considered doing a video on Keycloak from .NET dev point of view. For work I'm stuck with Entra Id, but been using keycloak on my own cluster. Great piece of software imo. Might not be in high demand due to everyone being stuck with Okta, Entra Id or similar, but then again I still, from time to time, see identity server 4 mentioned, so might be the lack of content about it? Then again I know atleast some government agencies are using Keycloak so there is usage but not much content.

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +3

      I'm planning a nice content series about it soon! :)

    • @MB-Kajtech
      @MB-Kajtech 4 месяца назад

      @@MilanJovanovicTech Awesome! Looking forward to it! :)

  • @josepvg
    @josepvg 4 месяца назад +1

    Great video, i'm a fan now

  • @kodindoyannick5328
    @kodindoyannick5328 4 месяца назад

    Thanks Milan for the video.

  • @leakeymaina5495
    @leakeymaina5495 2 месяца назад +1

    Hi Milan, Thanks for this video...please can you use KeyCloak for the YARP API Gateway Authentication

    • @MilanJovanovicTech
      @MilanJovanovicTech  2 месяца назад +1

      Just watch my Keycloak video and integrate it into YARP, not too difficult

  • @ojhkhofdgfd
    @ojhkhofdgfd 3 месяца назад

    Thank you for the video. Is it possible to have .NET generate an accessToken which is JWT that could be refreshed by the refreshToken that is already shared in the login endpoint?

    • @MilanJovanovicTech
      @MilanJovanovicTech  3 месяца назад +1

      Oh yes, there's nothing magical about it. I'll see if I can do a video dedicated to that.

  • @stickyamp5996
    @stickyamp5996 4 месяца назад

    Does the internal apis have some kind of authentication? Or does they trust the api gateway? Maybe it is more interesting to secure the internal apis because gateway is exposed to users and is more security risk imo. What do you think?

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад

      Typically they do, you can also setup JWT auth on the APIs (and you will in 99.99% cases).

  • @ArjunLearnsTech
    @ArjunLearnsTech 4 месяца назад

    How should we approach implementing zero trust in an API gateway architecture? While an API gateway can centralize access control and minimize the attack surface, is it advisable to forward the complete JWT to downstream services for validation against the authority again?

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +1

      Yes, definitely. In reality you'll also have auth in downstream services.

    • @mathisbidault3331
      @mathisbidault3331 3 месяца назад

      @@MilanJovanovicTech Great video Milan !
      Is limiting network access to services by exposing them only to the API Gateway or via the server's internal network rather than validating JWT tokens a second time in downstream services a potential solution in your opinion?
      I'm aware that the ZTA principle wouldn't be respected, but I was wondering about this for small infrastructures.
      Maybe mTLS service-to-service authentication could be a good topic for a video 😜
      Thanks!

  • @cengizhanbalci
    @cengizhanbalci 3 месяца назад

    Hi Milan,
    I have been researching for a few days on developing a route-based retry and circuit breaker for my .NET application using Yarp.ReverseProxy.
    How can we do this using the Polly library?
    I couldn't find a source on this subject, can you make a RUclips video?
    Thanks

    • @MilanJovanovicTech
      @MilanJovanovicTech  3 месяца назад

      Check out this: www.milanjovanovic.tech/blog/building-resilient-cloud-applications-with-dotnet
      But I'm not sure if we can apply these policies with YARP 🤔

  • @vuhoang5903
    @vuhoang5903 2 месяца назад

    This is awesome

  • @nanny07
    @nanny07 4 месяца назад +2

    How to pass the token to the inner APIs?

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +4

      It'll be automatically forwarded. You'd just need to use a real JWT to be able to decode it in the downstream APIs.

  • @antonmartyniuk
    @antonmartyniuk 4 месяца назад

    Nice tutorial.
    Milan, what other API gateways did you use except YARP ?

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +1

      Out of open source ones, I used Ocelot. Also cloud gateways on AWS/Azure.

  • @HelloWorld-th9vb
    @HelloWorld-th9vb 4 месяца назад

    Hi Milan, which of your paid courses can you recommend which cover DDD and clean architecture, authentication and authorisation end to end, I feel like it will help me gain confidence as a dotnet developer 😊

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад

      Pragmatic Clean Architecture sounds like a good fit for what you're looking for. Check the full curriculum here to see if it's aligned with your goals: www.milanjovanovic.tech/pragmatic-clean-architecture#curriculum

    • @HelloWorld-th9vb
      @HelloWorld-th9vb 4 месяца назад

      @@MilanJovanovicTech Thanks Milan

  • @kattamanchiarjun
    @kattamanchiarjun 4 месяца назад

    Thanks for the video.
    Can YARP replace Azure APIM?
    What is the difference between them?

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +1

      We'd be comparing a cloud API Gateway vs a self-managed one. Does that comparison make sense? Azure APIM is a much more robust product. Definitely use it if you're on Azure.

  • @mridulpaul1378
    @mridulpaul1378 2 месяца назад

    Could you please make a video on implementing resiliency on yarp gateway? Thanks :)

  • @mahmadmusffir8459
    @mahmadmusffir8459 4 месяца назад

    I am using asynchronous communication in microservices but i need user information in request or response form , how i can do it because it is synchronization communication

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад +1

      Send an HTTP request? Or do messaging request-response

  • @Paul-uo9sv
    @Paul-uo9sv 13 часов назад

    Hi Milan, when i use my https for destination address, i get a ssl connection could not be established... Remote certification chain errors... What's the fix? Localhost

    • @MilanJovanovicTech
      @MilanJovanovicTech  5 часов назад

      You get this error on YARP?

    • @Paul-uo9sv
      @Paul-uo9sv Час назад

      @@MilanJovanovicTech yes, when i call the yarp gateway when it's running on docker container from postman using https url. Http works fine.

  • @mahmadmusffir8459
    @mahmadmusffir8459 4 месяца назад

    Can you make one tutorial on full microservices and api gateway

  • @TheinTunZaw-uj1un
    @TheinTunZaw-uj1un 4 месяца назад

    Can we use cloud api gateway instead?

  • @Max1weber
    @Max1weber 4 месяца назад

    Is it also posible the change the authentication type towards the backend api. Eg api Gateway incoming jwt auth but backend uses client certificate

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад

      Probably, but you'll need to implement that yourself on the gateway

    • @Max1weber
      @Max1weber 4 месяца назад

      @@MilanJovanovicTech but the gateway calls the backend service? So it has to change the authorization

    • @Max1weber
      @Max1weber 4 месяца назад

      @@MilanJovanovicTech probably custom forwarder?

  • @shivanff3709
    @shivanff3709 9 дней назад

    @Milan Jovanović Bro the source code link is not working please give a valid link it's my kind request.

    • @MilanJovanovicTech
      @MilanJovanovicTech  9 дней назад

      Fixed it. Can you try again?

    • @shivanff3709
      @shivanff3709 9 дней назад

      ​@@MilanJovanovicTechMan really you are the best kind hearted youtuber❤ and you just replied very fast love from india brother🇮🇳 and the link is working now

  • @chuannguyen1686
    @chuannguyen1686 4 месяца назад

    Yeah

    • @MilanJovanovicTech
      @MilanJovanovicTech  4 месяца назад

      👈

    • @chuannguyen1686
      @chuannguyen1686 4 месяца назад

      @@MilanJovanovicTech The approach is to authorize in api gateway. Imagine that we have many services and we need to config a bunch of endpoints, and each endpoint has its own policy. Is it a good way?
      Or maybe we just authen in apigateway and we pass token to downstream service, they will authorize it by themselve.

  • @sunzhang-d9v
    @sunzhang-d9v 4 месяца назад

    Consul ,kubernates ? Is there a plan😋

  • @yevgenletin5531
    @yevgenletin5531 4 месяца назад

    good :)

  • @RamiNassarPlus
    @RamiNassarPlus 4 месяца назад +1

    I'm the first viewer :D