Last post Dec 23, 2016 11:51 PM by priyalwalpita
Dec 22, 2016 09:56 PM|priyalwalpita
I am implementing a solution with a set of Micro Services (Web API 2 REST services) with RabbitMQ as the message broker. The Edge server is authenticated using an OAuth-based Identity server. Internal Micro Services calls are not authorized or authenticated.
My objective is to secure all internal Micro Services with authentication and authorization. I need to secure internal communication from MiTM attacks or eavesdropping.
One thing we can do is relay the edge server's Auth Token into the internal Micro Services. But if someone captures the Auth token, they can perform a Confused Deputy attack (act as a legitimate Micro Service). And anyone can intercept or eavesdrop on the communication between Micro Services.
Please let me know a better solution for this.
Thanks in advance.
Dec 23, 2016 06:20 AM|email@example.com
You could take a look at these articles:
Dec 23, 2016 11:51 PM|priyalwalpita
Thanks @aliceyonng for the links!