DEV Community

Cover image for Ocelot with .Net Core 5.0
burak
burak

Posted on • Edited on

Ocelot with .Net Core 5.0

Hello everybody. The world is struggling with the Covid 19 and the coronavirus is increasing day by day. I just want to say "Do not go anywhere stay at home and protect yourself".

So I have been working from home since March. Since I am always at home, I try to spend my time very efficiently. These days, I make more time to read and write code. This is my first post on this website so and I'm excited. I want to share my experience. In this post, I'm going to explain how to implement Ocelot on .Net Core Web API.

What is API Gateway?

An API Gateway is basically an interface. The API Gateway receives are calls and redirects to services.

What is Ocelot?

Ocelot is an API Gateway for the .Net Platform. Ocelot’s primary functionality is to take incoming HTTP requests and forward them to a downstream service I use for the microservice project. Here is the official page Ocelot https://ocelot.readthedocs.io/

Ocelot is a very powerful framework and here are the Ocelot features.

  • Routing
  • WebSockets
  • Authentication
  • Authorization
  • Rate Limiting
  • Caching
  • Retry policies/QoS
  • Load Balancing
  • Logging/Tracing/Correlation etc.. For more feature lists you should visit the official website.

I designed a new microservice project with .Net Core 5.0. If you ask why did you prefer the newest framework? Only one reason. The reason is Swagger installed by default. At the bottom of the picture, I draw my project design.

Untitled Document

Firstly I created a Visual Studio blank application. This application includes 3 different projects in the blank application. Here is the folder structure.

folder_structure

If you develop with visual studio code you should visit Dotnet commands from Commands

Now I'm gonna explain how to configure Ocelot with the .Net Core project. Here is the hero :) NuGet package is Ocelot.

ocelot-nuget

Install the NuGet package on the API Gateway project then create a new JSON file and called ocelot.json here is the configuration.

{
  "Routes": [
    {
      "DownstreamPathTemplate": "/api/catalog",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7001
        }
      ],
      "UpstreamPathTemplate": "/catalog-service/catalog"
    },
    {
      "DownstreamPathTemplate": "/api/customer",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7002
        }
      ],
      "UpstreamPathTemplate": "/customer-service/customer",
      "RateLimitOptions": {
        "ClientWhitelist": [],
        "EnableRateLimiting": true,
        "Period": "1s",
        "PeriodTimespan": 1,
        "Limit": 1
      }
    },
    {
      "DownstreamPathTemplate": "/api/customer/{id}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7002
        }
      ],
      "UpstreamPathTemplate": "/customer-service/customer/{id}"
    }
  ],
  "GlobalConfiguration": {
    "BaseUrl": "http://localhost:7000"
  }
}
Enter fullscreen mode Exit fullscreen mode

I defined the default port in Program.cs every project.

Configure the Startup file.

Screen Shot 2020-11-30 at 3.59.55 PM

Every first request coming to UpstreamPathTemplate after that goes to DownstreamPathTemplate. After all the configurations start all projects without debugging mode and open the Postman application.

CatalogController.cs

Screen Shot 2020-11-30 at 4.02.35 PM

UpstreamPathTemplate is /customer-service/customer
DownstreamPathTemplate is /api/customer

postman

If you request with a {id} parameter

UpstreamPathTemplate is /customer-service/customer/{id}
DownstreamPathTemplate is /api/customer/{id}

request-param

Another important feature is Rate Limiting. Rate limiting is a strategy for limiting network traffic. It puts a cap on how often someone can repeat an action within a certain timeframe – for instance, trying to log in to an account. Rate limiting can help stop certain kinds of malicious bot activity. It can also reduce strain on web servers. However, rate limiting is not a complete solution for managing bot activity. Cloudflare

"RateLimitOptions": {
        "ClientWhitelist": [],
        "EnableRateLimiting": true,
        "Period": "1s",
        "PeriodTimespan": 1,
        "Limit": 1
      }
Enter fullscreen mode Exit fullscreen mode

I configure the /customer-service/customer endpoint. If you request in 1s multiple times I'll not reach the endpoint.

rate-limit

Thank you for your time :) 👋🏻

Source Code: Github

Reference:
Header Image

Top comments (8)

Collapse
 
lexenprise profile image
LEXEnprise

Hey,

This is a great stuff!
Do you have another version using Ocelot with .NET 5 that can support a custom Identity Api (Web Api with asp.net core identity) for authentication?

Looking forward with Authentication support version.

Collapse
 
burrock profile image
burak

Hi, I found it for you. But you can use Nginx with docker. ocelot.readthedocs.io/en/latest/fe...

Collapse
 
tiger333 profile image
Tiger333

I've been using ocelot with a hobby project and so far its working pretty well (connected to 4 microservices) - originally using azure APIM but the consumption plan and start up cost was too much and the next level up just wasnt cost effective for a personal project *I do believe that once I'm ready to go to production I may switch to APIM though

Collapse
 
eventaka profile image
eventaka

Hi,

Using OCELOT, I would like to know if it's possible to send a request to a web api that know only windows authentication.

I have differents webapi applications: some that works in anonymous (so using token from ocelot is ok) and some that works with windows authentication (so I cant use the JWT).

IS Ocelot can work with only JWT or also with windows authentication ?
If yes, how to do that ?

Thanks a lot,

Aby

Collapse
 
winstonpuckett profile image
Winston Puckett

Interesting stuff. I've been looking for an alternative to Azure APIM for my personal projects and this might be it.

Collapse
 
rajkumarraj profile image
Rajkumar

Nice Article!. Can we able to include Service Discovery (Consul) here?.

Collapse
 
burrock profile image
burak

I think we can cover it.

Collapse
 
thtrungtinh profile image
Tính Trần

This is a great stuff!
Do you have another version using Ocelot with .NET 5 that can support JwtBearer for authentication?