docker-compose.override.yml

@@ -225,6 +225,7 @@ services:
   apigw:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
+      - identityUrl=http://identity.api              #Local: You need to open your local dev-machine firewall at range 5100-5110.
     ports:
       - "5200:80"
 
@@ -233,6 +234,7 @@ services:
       - ASPNETCORE_ENVIRONMENT=Development
       - urls__basket=http://basket.api
       - urls__catalog=http://catalog.api
+      - urls__identity=http://identity.api              #Local: You need to open your local dev-machine firewall at range 5100-5110.
     ports:
       - "5120:80"
 

src/Apigw/OcelotApiGw/Startup.cs

@@ -26,6 +26,17 @@ namespace OcelotApiGw
 
         public void ConfigureServices(IServiceCollection services)
         {
+            var identityUrl = _cfg.GetValue<string>("IdentityUrl");
+            var authenticationProviderKey = "IdentityApiKey";
+
+            services.AddAuthentication()
+                .AddJwtBearer(authenticationProviderKey, x =>
+                {
+                    x.Authority = identityUrl;
+                    x.RequireHttpsMetadata = false;
+                    x.Audience = "ocelot";
+                });
+
             services.AddOcelot(_cfg);
         }
 

src/Apigw/OcelotApiGw/configuration/configuration.json

@@ -8,6 +8,18 @@
       "UpstreamPathTemplate": "/purchase-bff/catalog/{everything}",
       "UpstreamHttpMethod": [ "GET" ]
     },
+    {
+      "DownstreamPathTemplate": "/{everything}",
+      "DownstreamScheme": "http",
+      "DownstreamHost": "purchase-bff",
+      "DownstreamPort": 80,
+      "UpstreamPathTemplate": "/purchase-bff/{everything}",
+      "UpstreamHttpMethod": [],
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": []
+      }
+    },
     {
       "DownstreamPathTemplate": "/{everything}",
       "DownstreamScheme": "http",

src/BFFs/PurchaseBff/Startup.cs

@@ -1,7 +1,9 @@
 using System;
 using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -73,6 +75,28 @@ namespace PurchaseBff
                     .AllowAnyHeader()
                     .AllowCredentials());
             });
+
+
+            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+            var identityUrl = Configuration.GetValue<string>("urls:identity");
+            services.AddAuthentication(options =>
+            {
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+
+            }).AddJwtBearer(options =>
+            {
+                options.Authority = identityUrl;
+                options.RequireHttpsMetadata = false;
+                options.Audience = "ocelot";
+                options.Events = new JwtBearerEvents()
+                {
+                    OnAuthenticationFailed = async ctx =>
+                    {
+                        int i = 0;
+                    }
+                };
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

src/BFFs/PurchaseBff/appsettings.localhost.json

@@ -1,6 +1,7 @@
 {
   "urls": {
     "basket": "http://localhost:55105",
-    "catalog": "http://localhost:55101"
+    "catalog": "http://localhost:55101",
+    "identity":  "http://localhost:55105"
   }
 }

src/Services/Basket/Basket.API/Properties/launchSettings.json

@@ -3,7 +3,7 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:55105/",
+      "applicationUrl": "http://localhost:55103/",
       "sslPort": 0
     }
   },
@@ -19,7 +19,7 @@
     "Microsoft.eShopOnContainers.Services.Basket.API": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:55105/",
+      "launchUrl": "http://localhost:55103/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }

src/Services/Identity/Identity.API/Properties/launchSettings.json

@@ -3,7 +3,7 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:5105",
+      "applicationUrl": "http://localhost:55105",
       "sslPort": 0
     }
   },
@@ -11,7 +11,7 @@
     "IIS Express": {
       "commandName": "IISExpress",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:5105",
+      "launchUrl": "http://localhost:55105",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
@@ -19,7 +19,7 @@
     "eShopOnContainers.Identity": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:5000",
+      "launchUrl": "http://localhost:55105",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }

src/Web/WebMVC/Controllers/TestController.cs

@@ -0,0 +1,56 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.eShopOnContainers.BuildingBlocks.Resilience.Http;
+using Microsoft.eShopOnContainers.WebMVC.Services;
+using Microsoft.eShopOnContainers.WebMVC.ViewModels;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace WebMVC.Controllers
+{
+    class TestPayload
+    {
+        public int CatalogItemId { get; set; }
+        public string BasketId { get; set; }
+
+        public int Quantity { get; set; }
+    }
+
+    [Authorize]
+    public class TestController : Controller
+    {
+        private readonly IHttpClient _client;
+        private readonly IIdentityParser<ApplicationUser> _appUserParser;
+        public TestController(IHttpClient client, IIdentityParser<ApplicationUser> identityParser)
+        {
+            _client = client;
+            _appUserParser = identityParser;
+        }
+
+        public async Task<IActionResult> Ocelot()
+        {
+            var url = "http://apigw/purchase-bff/api/v1/basket/items";
+            var payload = new TestPayload()
+            {
+                CatalogItemId = 1,
+                Quantity = 1,
+                BasketId = _appUserParser.Parse(User).Id
+            };
+            var token = await HttpContext.GetTokenAsync("access_token");
+            var response = await _client.PostAsync<TestPayload>(url, payload, token);
+            
+            if (response.IsSuccessStatusCode)
+            {
+                var str =  await response.Content.ReadAsStringAsync();
+                return Ok(str);
+            }
+            else
+            {
+                return Ok(new { response.StatusCode, response.ReasonPhrase });
+            }
+        }
+    }
+}