Thank you so much for explaining microservices with real examples. Keep it up.
Glad it was helpful!
I'm liking your content so far. Thank you so much for making short content videos. I have learnt many new things.
Just wanted to add, in this video, I would have used ResourceFilter in Inventory API to extract from headers, so that I can keep controller code clean. Also then would use Authorize attribute on controller/action methods to prevent access.
Hi, can you please explain? Can we send a token from auth-gateway to other microservices through the header and that should be validated.
But the example shared in the video, even if the user hit inventory and order service URLs directly, they will work. I failed to understand how the authentication and authorization will work in inventory and order APIs.
Yea, this example is only useful as an additional "check" to ensure your API requests are coming from a centralized source (like a frontend) but from a security standpoint, this is unacceptable. Ideally the real auth should be a bearer token (where you could actually embed the proposed API key anyway) which then needs to get validated against the other microservices. That's what this video should have been about given the title.
Yes they will work, but it should have a Bearer token in the headers. This video doesn't show how to use Bearer token to authenticate downstream services and also how to use 'Bearer' as AuthenticationProviderKey in the ocelot.json
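What the two replies above describe, as an added example that is not from the video or from any commenter: a downstream service (the Inventory API here) validates the bearer token itself, so a request that bypasses the gateway without a valid token gets a 401. The authority URL, audience and route paths are assumed placeholder values.

```csharp
// Program.cs of a downstream service (ASP.NET Core minimal hosting).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    // JwtBearerDefaults.AuthenticationScheme is the string "Bearer". At the gateway,
    // the Ocelot route's AuthenticationProviderKey must match the scheme name
    // registered there in the same way.
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed values: the token issuer and this API's audience.
        options.Authority = "https://idp.example.com";
        options.Audience = "inventory-api";
        // Stated explicitly so the checks are visible; these are also the defaults.
        options.TokenValidationParameters.ValidateIssuer = true;
        options.TokenValidationParameters.ValidateAudience = true;
        options.TokenValidationParameters.ValidateLifetime = true;
    });

// Deny by default: every endpoint needs an authenticated caller unless it opts out.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Protected by the fallback policy: no token or a bad token returns 401,
// whether the call came through the gateway or hit this URL directly.
app.MapGet("/api/inventory", () => Results.Ok(new { item = "widget", stock = 3 })); // constructed data

// Explicit opt-out for a liveness probe.
app.MapGet("/health", () => Results.Ok()).AllowAnonymous();

app.Run();
```

The gateway forwards the caller's `Authorization` header to the downstream service, so the same token is checked at both hops rather than trusted because it arrived from the gateway.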
Your complete series about Microservices is really a value addition. I really appreciate your efforts of creating such simple but concept-clearing videos on each topic related to Microservice. Your way of explaining the concept is very clear which helped me to understand those concepts faster. Thank you so much. 🙂
You are most welcome
Hi sir! I really like your videos and it would be so helpful to have the source code as part of the code is done already before the video started. Thank you.
Hi, can you please create a video for real-life examples of Database per service and how to fetch data from different databases?
Hi, could you share the repo from this video?
Nice
Don't like this video, I expected information about microservices that execute periodic tasks and run under system accounts. It's obvious we can pass the context for the user, when we have it.
Also, only the last 20 seconds actually talk about the Microservice -> Microservice authentication. The first 10 minutes are basically just a demo for what you talked in your previous video.