Closed PeymanDinani closed 4 years ago
I just found a workaround for now. Setting AuthPresisSingleRequest to true fixed it for now. IIS has AuthPresisSingleRequest to false by default for performance reasons therefore authentication persisted for the remaining session. By setting AuthPresisSingleRequest to true in IIS, the user will be authenticated per request and no authentication info will be persisted. Now I need to make sure the sessions are not persisted for other services.
Hi, I have Ocelot gateway running on IIS, and there are multiple services such as Authentication behind it. My problem is when user one starts to call the services through ocelot, The next user (user two) from a different computer connects to services with user one's token. I tried to authenticate directly through Authentication Service without going through the gateway. Once I get the token and use it to call other services through the gateway, gateway holds on to that token despite different subsequent calls from other users. It almost seems like the gateway is holding on to the same application lifetime and context. Any idea what might be wrong with my setup?
gateway startup.cs:
Gateway program.cs:
Ocelot.Development.json: