search

HangfireIO / Hangfire

An easy way to perform background job processing in .NET and .NET Core applications. No Windows Service or separate process required
https://www.hangfire.io
Other
9.32k stars 1.69k forks source link

Hangfire Dashboard authorization is not working in .NET Core #2395

Open sohaibameenvivup opened 4 months ago

sohaibameenvivup commented 4 months ago

Hello Everyone,

.NET Core 5 Hangfire Version 1.8.12

I have a .NET Core 5 project in which I have configured hangfire dashboard. .NET Core project has authentication scheme defined as "JwtBearerDefaults.AuthenticationScheme". It is authorizing the request properly when I am hitting different controller APIs using postman but when I access the hangfire dashboard using "/hangfire" route and try to authorize the user in custom authorization filter, it always shows "httpContext.User.Identity?.IsAuthenticated = false" and does not show any claims.

I am following this official documentation. https://docs.hangfire.io/en/latest/configuration/using-dashboard.html#configuring-authorization

services.AddHangfire(configuration => configuration .SetDataCompatibilityLevel(CompatibilityLevel.Version_180) .UseSimpleAssemblyNameTypeSerializer() .UseRecommendedSerializerSettings() .UseSqlServerStorage(Environment.GetEnvironmentVariable("HANGFIRECONNSTR_HighFiveConnection"))); // Add the processing server as IHostedService services.AddHangfireServer();

`app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseSpaStaticFiles(); app.UseAuthentication(); app.UseRouting();

var options = new DashboardOptions
{
    Authorization = new[] { new MyAuthorizationFilter() }
};
app.UseHangfireDashboard("/hangfire", options);
app.UseAuthorization();`

`public class MyAuthorizationFilter : IDashboardAuthorizationFilter { public bool Authorize([NotNull] DashboardContext context) { var httpContext = context.GetHttpContext();

    // Allow all authenticated users to see the Dashboard (potentially dangerous).
    return httpContext.User.Identity?.IsAuthenticated ?? false;
}

}`

There must be minor configuration issue so that would be great if anybody can help me out this. Thanks

pieceofsummer commented 4 months ago

Have you tried moving UseAuthentication and UseAuthorization after UseRouting but before UseHangfireDashboard, as suggested in the documentation? The order of middlewares may sometimes be important.

sohaibameenvivup commented 4 months ago

@pieceofsummer yes I have tried it by following the same order but it did not work 

 app.UseRouting();
  app.UseAuthentication();
  app.UseAuthorization();

  app.UseHangfireDashboard("/hangfire", new DashboardOptions
  {
      Authorization = new[] { new MyAuthorizationFilter() }
  });

public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        var httpContext = context.GetHttpContext();

        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        return httpContext.User.Identity?.IsAuthenticated ?? false;
    }
}