search

Xabaril / AspNetCore.Diagnostics.HealthChecks

Enterprise HealthChecks for ASP.NET Core Diagnostics Package
Apache License 2.0
3.99k stars 776 forks source link

Require authorization for both endpoint and UI #1084

Open kristofferjalen opened 2 years ago

kristofferjalen commented 2 years ago

In the sample, only the UI requires authorization, but not the endpoint. Is that by intention? Why protect the UI if the endpoint is unprotected? Isn't all information available anonymously from the endpoint then? What am I missing?

Requiring authorization for both the endpoint and for the UI will crash the UI:

app.MapHealthChecks("/health", new HealthCheckOptions
{
    Predicate = _ => true,
    ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse,
}).RequireAuthorization(Policies.HealthChecksUiPolicy);

app.MapHealthChecksUI()
    .RequireAuthorization(Policies.HealthChecksUiPolicy);

gives:

Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

This seems to have been reported in https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks/issues/327 but that issue was closed.

aleksvujic commented 1 year ago

Did you manage to solve the issue? We have the exact same problem.

volkanytu commented 1 year ago

I have the exact same issue. Is there any update on this? @kristofferjalen