Login/Register
ASP.NET Core MVC Hangfire custom authentication
Asked Answered
c#asp.net-core-mvchangfire
F

4

15

I managed to work Hangfire on my ASP.NET Core MVC application, and now I am trying to add admin authorization.

I added the following code to the Startup.cs file:

app.UseHangfireDashboard("/hangfire", new DashboardOptions
 {
    Authorization = new[] {new  SecurityHelpers.AdminAuthorization.HangFireAuthorizationFilter() }
 });

app.UseHangfireServer();
RecurringJob.AddOrUpdate( () => Debug.WriteLine("Minutely Job"), Cron.Minutely);

Now I have a problem with custom authorization filter:

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        return true;
    }
}

There are samples for old configuration with IAutohorizationFilter, and form version 1.6.8 there is a new interface IDashboardAuthorizationFilter, and I can't figure out how to implement it.

My web application uses claims.

thnx

Fractious answered 12/1, 2017 at 21:46 Comment(1)
Which version of hangfire do you use?Changteh
L
29

To add custom basic authentication in hangfire for asp.net core

Use Hangfire.Dashboard.Basic.Authentication nuget package.

Install using the command

Install-Package Hangfire.Dashboard.Basic.Authentication

Reference

In startup configure method add the following

app.UseHangfireDashboard("/hangfire", new DashboardOptions
        {
            //AppPath = "" //The path for the Back To Site link. Set to null in order to hide the Back To  Site link.
            DashboardTitle = "My Website",
            Authorization = new[]
        {
                new HangfireCustomBasicAuthenticationFilter{
                    User = _configuration.GetSection("HangfireSettings:UserName").Value,
                    Pass = _configuration.GetSection("HangfireSettings:Password").Value
                }
            }
        });

Add the following in the appsettings.json (Use your username and password)

 "HangfireSettings": {
     "UserName": "admin",
     "Password": "password"
 }
Larcener answered 19/4, 2020 at 10:31 Comment(6)
Thank you for the easiest one.Intersection
This should be the accepted answer, works with .net core 3.1, sqlite storage and memory storageNottingham
"IDX12741: JWT: 'System.String' must have three segments (JWS) or five segments (JWE)." @ArsmanAhmadGare
Yes @RasoolAghajani. ThanxIntersection
put this code I receive this Error in my Browser : "IDX12741: JWT: 'System.String' must have three segments (JWS) or five segments (JWE)." did u know what is this ? @ArsmanAhmadGare
No. Actually I didn't faced it while integrating HangFire in .NET 05. @RasoolAghajaniIntersection
V
19

Here's my implementation for .NET Core:

public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter {
    private string policyName;

    public HangfireAuthorizationFilter(string policyName) {
        this.policyName = policyName;
    }

    public bool Authorize([NotNull] DashboardContext context) {
        var httpContext = context.GetHttpContext();
        var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();
        return authService.AuthorizeAsync(httpContext.User, this.policyName).ConfigureAwait(false).GetAwaiter().GetResult().Succeeded;
    }
}

Set it up in the Startup Configure with:

app.UseHangfireDashboard(
            pathMatch: "/hangfire",
            options: new DashboardOptions() {
                Authorization = new IDashboardAuthorizationFilter[] {
                    new HangfireAuthorizationFilter("somePolicy")
                }
            });

Make sure that the policy you've chosen (eg. "somePolicy") is set up previously in Startup ConfigureServices. For example:

services.Configure<AuthorizationOptions>(options => {
    options.AddPolicy("somePolicy", policy => {
        // require the user to be authenticated
        policy.RequireAuthenticatedUser();
        // Maybe require a claim here, if you need that.
        //policy.RequireClaim(ClaimTypes.Role, "some role claim");
    });
});
Vainglory answered 9/3, 2017 at 7:36 Comment(5)
@FarajFarook Any chance you could elaborate? I have this working on .NET Core 1.0.1, there's a chance something has changed on 1.1.Vainglory
Shit man. My bad. I forgot the using Microsoft.Extensions.DependencyInjection; I will check the whole solution and give you a thumbs up if it works. I'm sorry for the confusion from my end.Miculek
For some reason my Dashboard Context is not authenticated. I use the UserManager to sign in through the AccountController.Miculek
I should probably have been clearer about this in my answer, but have you made sure that the policy you feed into HangfireAuthorizationFilter (in this example "somePolicy") is a valid policy that you've set up? I'll update my answer.Vainglory
Worked quite well with github.com/blowdart/AspNetAuthorizationWorkshop Role Authorization sampleMicroeconomics
G
5

If you are using .NET Core 2.0, you would need a custom implementation to comply with the new auth standards.

You need to add a middleware. This one's provided by HangFire in their Github page/issues.

public class HangfireDashboardMiddleware
{
    private readonly DashboardOptions _dashboardOptions;
    private readonly JobStorage _jobStorage;
    private readonly RequestDelegate _nextRequestDelegate;
    private readonly RouteCollection _routeCollection;

    public HangfireDashboardMiddleware(
        RequestDelegate nextRequestDelegate,
        JobStorage storage,
        DashboardOptions options,
        RouteCollection routes)
    {
        _nextRequestDelegate = nextRequestDelegate;
        _jobStorage = storage;
        _dashboardOptions = options;
        _routeCollection = routes;
    }

    public async Task Invoke(HttpContext httpContext)
    {
        var aspNetCoreDashboardContext =
            new AspNetCoreDashboardContext(_jobStorage, _dashboardOptions, httpContext);

        var findResult = _routeCollection.FindDispatcher(httpContext.Request.Path.Value);
        if (findResult == null)
        {
            await _nextRequestDelegate.Invoke(httpContext);
            return;
        }

        // attempt to authenticate against default auth scheme (this will attempt to authenticate using data in request, but doesn't send challenge)
        var result = await httpContext.AuthenticateAsync();

        if (!httpContext.User.Identity.IsAuthenticated)
        {
            // request was not authenticated, send challenge and do not continue processing this request
            await httpContext.ChallengeAsync();
        }

        if (_dashboardOptions
            .Authorization
            .Any(filter =>
                     filter.Authorize(aspNetCoreDashboardContext) == false))
        {
            var isAuthenticated = httpContext.User?.Identity?.IsAuthenticated;
            httpContext.Response.StatusCode = isAuthenticated == true
                                                  ? (int) HttpStatusCode.Forbidden
                                                  : (int) HttpStatusCode.Unauthorized;
            return;
        }

        aspNetCoreDashboardContext.UriMatch = findResult.Item2;
        await findResult.Item1.Dispatch(aspNetCoreDashboardContext);
    }
}

Then in your Startup.cs You need to add this method

private static IApplicationBuilder UseHangfireDashboardCustom(IApplicationBuilder app,string pathMatch = "/hangfire",DashboardOptions options = null,JobStorage storage = null)
{
    var services = app.ApplicationServices;
    storage = storage ?? services.GetRequiredService<JobStorage>();
    options = options ?? services.GetService<DashboardOptions>() ?? new DashboardOptions();
    var routes = app.ApplicationServices.GetRequiredService<RouteCollection>();

    app.Map(new PathString(pathMatch), x =>
        x.UseMiddleware<HangfireDashboardMiddleware>(storage, options, routes));

    return app;
}

Finally, use the Custom Authorization

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        app.UseAuthentication();

        app.UseMvc(routes => routes.MapRoute(
                       "default",
                       "{controller=Home}/{action=Index}/{id?}"));

        app.UseHangfireServer();

        //Voila!
        UseHangfireDashboardCustom(app);
    }
Garett answered 25/11, 2017 at 18:15 Comment(0)
S
1

This is how I implement IDashboardAuthorizationFilter

public class HangfireAuthorizeFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        var owinEnvironment = context.GetOwinEnvironment();
        if (owinEnvironment.ContainsKey("server.User"))
        {
            if (owinEnvironment["server.User"] is ClaimsPrincipal)
            {
                return (owinEnvironment["server.User"] as ClaimsPrincipal).Identity.IsAuthenticated;
            }
            else if (owinEnvironment["server.User"] is GenericPrincipal)
            {
                return (owinEnvironment["server.User"] as GenericPrincipal).Identity.IsAuthenticated;
            }
        }
        return false;
    }
}

In your startup

app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
    Authorization = new [] { new HangfireAuthorizeFilter() }
});
Sylvia answered 13/1, 2017 at 1:40 Comment(2)
Kim Hoang, when I try this one it says Exception thrown: 'System.ArgumentException' in Hangfire.Core.dll Additional information: Context argument should be of type OwinDashboardContext!Fractious
@Wasyster, it's weird, actually that attribute I implement it for MVC 5. But it should work the same with MVC coreSylvia

© 2022 - 2024 — McMap. All rights reserved.