ASP.NET Core MVC Hangfire custom authentication

asp.net-core-mvc hangfire
Wasyster picture Wasyster · Jan 12, 2017 · Viewed 8.6k times · Source

I managed to work Hangfire on my ASP.NET Core MVC application, and now I am trying to add admin authorization.

I added the following code to the Startup.cs file:

app.UseHangfireDashboard("/hangfire", new DashboardOptions
 {
    Authorization = new[] {new  SecurityHelpers.AdminAuthorization.HangFireAuthorizationFilter() }
 });

app.UseHangfireServer();
RecurringJob.AddOrUpdate( () => Debug.WriteLine("Minutely Job"), Cron.Minutely);

Now I have a problem with custom authorization filter:

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        return true;
    }
}

There are samples for old configuration with IAutohorizationFilter, and form version 1.6.8 there is a new interface IDashboardAuthorizationFilter, and I can't figure out how to implement it.

My web application uses claims.

thnx

Answer

Ryan picture Ryan · Mar 9, 2017

Here's my implementation for .NET Core:

public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter {
    private string policyName;

    public HangfireAuthorizationFilter(string policyName) {
        this.policyName = policyName;
    }

    public bool Authorize([NotNull] DashboardContext context) {
        var httpContext = context.GetHttpContext();
        var authService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();
        return authService.AuthorizeAsync(httpContext.User, this.policyName).ConfigureAwait(false).GetAwaiter().GetResult().Succeeded;
    }
}

Set it up in the Startup Configure with:

app.UseHangfireDashboard(
            pathMatch: "/hangfire",
            options: new DashboardOptions() {
                Authorization = new IDashboardAuthorizationFilter[] {
                    new HangfireAuthorizationFilter("somePolicy")
                }
            });

Make sure that the policy you've chosen (eg. "somePolicy") is set up previously in Startup ConfigureServices. For example:

services.Configure<AuthorizationOptions>(options => {
    options.AddPolicy("somePolicy", policy => {
        // require the user to be authenticated
        policy.RequireAuthenticatedUser();
        // Maybe require a claim here, if you need that.
        //policy.RequireClaim(ClaimTypes.Role, "some role claim");
    });
});

Related questions

ASP.NET Core Dependency Injection error: Unable to resolve service for type while attempting to activate

I created an .NET Core MVC application and use Dependency Injection and Repository Pattern to inject a repository to my controller. However, I am getting an error: InvalidOperationException: Unable to resolve service for type 'WebApplication1.Data.BloggerRepository' while attempting to …

Read More
Getting value from appsettings.json in .net core

Not sure what am I missing here but I am not able to get the values from my appsettings.json in my .net core application. I have my appsettings.json as: { "AppSettings": { "Version": "One" } } Startup: public class Startup { private IConfigurationRoot _…

Read More
How do you create a custom AuthorizeAttribute in ASP.NET Core?

I'm trying to make a custom authorization attribute in ASP.NET Core. In previous versions it was possible to override bool AuthorizeCore(HttpContextBase httpContext). But this no longer exists in AuthorizeAttribute. What is the current approach to make a custom …

Read More