Why is Hangfire requiring authentication to view dashboard

With the newer versions you should use IDashboardAuthorizationFilter. With the using statements, it will look like this:

using System.Web;
using Hangfire.Annotations;
using Hangfire.Dashboard;

namespace Scheduler.Hangfire
{
    public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            //can add some more logic here...
            return HttpContext.Current.User.Identity.IsAuthenticated;

            //Can use this for NetCore
            return context.GetHttpContext().User.Identity.IsAuthenticated; 
        }
    }
}

then in the configuration section:

app.UseHangfireDashboard("/jobs", new DashboardOptions() 
      {
          Authorization = new [] {new HangFireAuthorizationFilter()}
      });

As designed I believe.
See the docs for the dashboard.

By default Hangfire allows access to Dashboard pages only for local requests.

Strangely enough I was dealing with this the other day and one thing to be aware of is that if you are using Autofac dependency injection then you need to make sure you configure items in the correct order. Specifically Hangfire after other authentication but also, in my case, MembershipReboot before the other OAuth stuff.
Took quite a bit of trial and error.


Finally got it working. I created my own AuthorizationFilter class (see below). Then I passed that to the MapHangfireDashboard method in the Startup.cs Configuration method (see below that)

public class HangFireAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        bool boolAuthorizeCurrentUserToAccessHangFireDashboard = false;

        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if(HttpContext.Current.User.IsInRole("Account Administrator"))
                boolAuthorizeCurrentUserToAccessHangFireDashboard = true;
        }

        return boolAuthorizeCurrentUserToAccessHangFireDashboard;
    }
}

To map hangfire to a custom url and specify the AuthorizationFilter to use:

public void Configuration(IAppBuilder app) {

    //Get from web.config to determine to fire up hangfire scheduler or not

    app.UseHangfire(config => {
        config.UseSqlServerStorage("DefaultConnection");
        config.UseServer();              
    });

    //map hangfire to a url and specify the authorization filter to use to allow access
    app.MapHangfireDashboard("/Admin/jobs", new[] { new HangFireAuthorizationFilter() });

}

Tags:

Asp.Net Mvc

Forms Authentication

Hangfire

Recent Posts