❔ Best Approach to Implement Authentication and Authorization in Microservices with ASP.NET Core
Hi friends,
I'm looking for experience share.
I have a Microservices architecture project that uses EF Core 7, and the Microservices are ASP.NET Core 7 API.
Each service has its own database on SQL Server and it uses EF Core.
I make a unified entry point to my Microservices project by using an API Gateway using Ocelot.
Now, I want to add the Authentication. Should I create a separate Microservice that will be responsible for the Authentication process and map it in the API Gateway (and make the other services free, without authentication)?
OR should I add the Authentication for each service itself?
OR is there any best practice or good suggestion for this case?
Note: I want to use the JWT and Refresh Token mechanism for the authentication.
Please share with me your experience, and massive thanks in advance <3
It is a common practice to have a separate authentication microservice in a microservice architecture to handle authentication and authorization. This will ensure that the other services are not burdened with the complexity of authentication and authorization, and can focus on their main responsibilities.
Having a separate authentication microservice will also allow you to centralize user management and easily update or change the authentication mechanism without affecting other services.
In your case, you can use the API Gateway to manage the authentication process using the JWT and Refresh Token mechanism, and then pass the authenticated user details to the relevant microservices as needed. This will ensure that each service can perform authorization checks using the user details provided by the API Gateway, and restrict access to protected resources based on the user's role and permissions.
This approach will help to maintain the separation of concerns and reduce the overall complexity of your system, while providing a unified entry point for authentication and authorization. @MBARK
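As an added illustration (not code from this thread or from any poster), this is how one downstream ASP.NET Core 7 service could validate the JWT itself and apply its own role check, assuming the gateway forwards the `Authorization` header unchanged. The configuration keys `Jwt:Issuer`, `Jwt:Audience` and `Jwt:SigningKey`, the `/orders` routes and the `OrdersAdmin` policy are assumptions made for the example.

```csharp
// Program.cs of one downstream microservice (ASP.NET Core 7 minimal API).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration section. The key must match the one the authentication
// service signs with; with an asymmetric algorithm only the public key is needed here.
var jwt = builder.Configuration.GetSection("Jwt");
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
    jwt["SigningKey"] ?? throw new InvalidOperationException("Jwt:SigningKey missing")));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = jwt["Issuer"],        // only tokens from the auth service
            ValidateAudience = true,
            ValidAudience = jwt["Audience"],    // only tokens minted for this API
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidateLifetime = true,            // short-lived access tokens expire here
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });

// Authorization stays in the service that owns the resource.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("OrdersAdmin", policy => policy.RequireRole("Admin")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any authenticated caller: the identity comes from the validated token.
app.MapGet("/orders", (ClaimsPrincipal user) =>
        Results.Ok(new { userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value }))
   .RequireAuthorization();

// Role-restricted endpoint: a valid token without the Admin role gets 403.
app.MapDelete("/orders/{id:int}", (int id) => Results.NoContent())
   .RequireAuthorization("OrdersAdmin");

app.Run();
```

With this in place a request that reaches the service without passing through the gateway is still rejected with 401 unless it carries a valid token.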