Chapter 10. Securing microservice-to-microservice communication
This chapter covers
- Determining where to perform user authentication and authorization in a microservice system
- Deciding on the level of trust in your microservice system
- Using IdentityServer to authenticate users
- Authorizing microservice-to-microservice requests
Up to this point in the book, we’ve ignored security; but for most systems, security is an important concern that needs careful attention. This chapter discusses how to address security concerns in a microservice system. In a monolith, the monolith does user authentication and authorization—there is, after all, only the monolith to do those things. In a microservice system, several microservices are involved in answering most user requests; the question is this: which ones are responsible for authentication, and which ones are responsible for authorization? You must also ask how much the microservices can trust each other:
- If one microservice authenticates a user, can other microservices trust that user?
- Are all microservices allowed to call each other?