Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hangfire Dashboard authorization is not working in .NET Core #2395

Open
sohaibameenvivup opened this issue Apr 18, 2024 · 2 comments
Open

Hangfire Dashboard authorization is not working in .NET Core #2395

sohaibameenvivup opened this issue Apr 18, 2024 · 2 comments

Comments

@sohaibameenvivup
Copy link

sohaibameenvivup commented Apr 18, 2024
edited

Hello Everyone,

.NET Core 5
Hangfire Version 1.8.12

I have a .NET Core 5 project in which I have configured hangfire dashboard. .NET Core project has authentication scheme defined as
"JwtBearerDefaults.AuthenticationScheme". It is authorizing the request properly when I am hitting different controller APIs using postman but when I access the hangfire dashboard using "/hangfire" route and try to authorize the user in custom authorization filter, it always shows "httpContext.User.Identity?.IsAuthenticated = false" and does not show any claims.

I am following this official documentation.
https://docs.hangfire.io/en/latest/configuration/using-dashboard.html#configuring-authorization

services.AddHangfire(configuration => configuration .SetDataCompatibilityLevel(CompatibilityLevel.Version_180) .UseSimpleAssemblyNameTypeSerializer() .UseRecommendedSerializerSettings() .UseSqlServerStorage(Environment.GetEnvironmentVariable("HANGFIRECONNSTR_HighFiveConnection"))); // Add the processing server as IHostedService services.AddHangfireServer();

`app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseAuthentication();
app.UseRouting();

var options = new DashboardOptions
{
    Authorization = new[] { new MyAuthorizationFilter() }
};
app.UseHangfireDashboard("/hangfire", options);
app.UseAuthorization();`

`public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize([NotNull] DashboardContext context)
{
var httpContext = context.GetHttpContext();

    // Allow all authenticated users to see the Dashboard (potentially dangerous).
    return httpContext.User.Identity?.IsAuthenticated ?? false;
}

}`

There must be minor configuration issue so that would be great if anybody can help me out this. Thanks
@pieceofsummer
Copy link
Contributor

Have you tried moving UseAuthentication and UseAuthorization after UseRouting but before UseHangfireDashboard, as suggested in the documentation? The order of middlewares may sometimes be important.

@sohaibameenvivup
Copy link
Author

sohaibameenvivup commented Apr 19, 2024
edited

@pieceofsummer yes I have tried it by following the same order but it did not work

app.UseRouting();
 app.UseAuthentication();
 app.UseAuthorization();

 app.UseHangfireDashboard("/hangfire", new DashboardOptions
 {
     Authorization = new[] { new MyAuthorizationFilter() }
 });


public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        var httpContext = context.GetHttpContext();

        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        return httpContext.User.Identity?.IsAuthenticated ?? false;
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pieceofsummer @sohaibameenvivup