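Why does Hangfire require authentication to view the dashboard
I am running HangFire in my MVC web application, but whenever I try to navigate to <http://MyApp/hangfire>, it redirects me to my application's login page, as if I were not logged in.
I have not explicitly configured any authorization requirements... For example, I had the following in web.config, but then took it out to try to get this working.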
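```xml
<location path="hangfire">
  <system.web>
    <authorization>
      <allow roles="Administrator" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
```
In theory, this is what I want: when I log into my main web application, I will be logged in with the `Administrator` role, so this rule should work. But whether or not I have this configured in web.config, whenever I try to navigate to <http://MyApp/hangfire>, it redirects me to the application login page I have configured in web.config: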
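```xml
<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="960" />
</authentication>
```
It does not do this on my local machine, only when I publish to my host. Does HangFire not recognize the authentication cookie that my main application provides when I log in? I thought that in general the hangfire application does not require authentication, so what other configuration could make it think that it does?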
Update 1:
I added the authorization filter as per the hangfire docs, but the same thing happens. Here is my code in Startup.cs:
```csharp
using Hangfire;
using Hangfire.Logging;
using Hangfire.Dashboard;
using Hangfire.SqlServer;
using Microsoft.Owin;
using OTIS.Web.AppCode;
using OTISScheduler.AppServ;
using Owin;
using System.Web.Security;

[assembly: OwinStartup(typeof(OTIS.Web.App_Start.Startup))]
namespace OTIS.Web.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseHangfire(config =>
            {
                config.UseSqlServerStorage("DefaultConnection");
                config.UseServer();

                // Dashboard authorization
                config.UseAuthorizationFilters(new AuthorizationFilter
                {
                    Users = "USERA", // allow only specified users (comma delimited list)
                    Roles = "Account Administrator, Administrator" // allow only specified roles (comma delimited list)
                });
            });

            LogProvider.SetCurrentLogProvider(new StubLogProviderForHangfire());
            GlobalJobFilters.Filters.Add(new AutomaticRetryAttribute { Attempts = 0 });

            var scheduleTasksInitializer = new ScheduleTasksInitializer();
            scheduleTasksInitializer.ScheduleTasks();
        }
    }
}
```
Update 2:
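Following the more detailed instructions that show basic authentication, I also tried this... still no luck... it redirects me to my application's login page.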
```csharp
config.UseAuthorizationFilters(
    new BasicAuthAuthorizationFilter(
        new BasicAuthAuthorizationFilterOptions
        {
            // Require secure connection for dashboard
            RequireSsl = false,
            SslRedirect = false,
            // Case sensitive login checking
            LoginCaseSensitive = true,
            // Users
            Users = new[]
            {
                new BasicAuthAuthorizationUser
                {
                    Login = "MyLogin",
                    // Password as plain text
                    PasswordClear = "MyPwd"
                }
            }
        }));
```
Finally got it working. I created my own AuthorizationFilter class (see below). Then I passed it to the MapHangfireDashboard method in the Startup.cs Configuration method (see below).
```csharp
using System.Collections.Generic;
using System.Web;
using Hangfire.Dashboard;

public class HangFireAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        // Deny by default; allow only authenticated users in the required role
        bool boolAuthorizeCurrentUserToAccessHangFireDashboard = false;

        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if (HttpContext.Current.User.IsInRole("Account Administrator"))
                boolAuthorizeCurrentUserToAccessHangFireDashboard = true;
        }

        return boolAuthorizeCurrentUserToAccessHangFireDashboard;
    }
}
```
To map hangfire to a custom URL and specify the AuthorizationFilter to use:
```csharp
public void Configuration(IAppBuilder app)
{
    //Get from web.config to determine to fire up hangfire scheduler or not
    app.UseHangfire(config =>
    {
        config.UseSqlServerStorage("DefaultConnection");
        config.UseServer();
    });

    //map hangfire to a url and specify the authorization filter to use to allow access
    app.MapHangfireDashboard("/Admin/jobs", new[] { new HangFireAuthorizationFilter() });
}
```
For newer versions, you should use `IDashboardAuthorizationFilter`. With the using statements, it will look like this:
```csharp
using System.Web;
using Hangfire.Annotations;
using Hangfire.Dashboard;

namespace Scheduler.Hangfire
{
    public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            //can add some more logic here...
            return HttpContext.Current.User.Identity.IsAuthenticated;

            //Can use this for NetCore
            //return context.GetHttpContext().User.Identity.IsAuthenticated;
        }
    }
}
```
Then in the configuration section:
```csharp
app.UseHangfireDashboard("/jobs", new DashboardOptions()
{
    Authorization = new[] { new HangFireAuthorizationFilter() }
});
```
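
The filter in the answer above admits any authenticated user. The following added example (not from the original answers or the Hangfire project) combines it with the role check from the earlier answer on the newer `IDashboardAuthorizationFilter` interface and denies by default. The class name `RoleDashboardAuthorizationFilter`, the `/jobs` path and the role names are assumptions for illustration; classic ASP.NET with `HttpContext.Current` is assumed, as in the answers, and job storage is assumed to be configured elsewhere.

```csharp
using System;
using System.Linq;
using System.Web;
using Hangfire;
using Hangfire.Dashboard;
using Owin;

namespace Scheduler.Hangfire
{
    // Hypothetical filter: admits only authenticated users holding one of the configured roles.
    public class RoleDashboardAuthorizationFilter : IDashboardAuthorizationFilter
    {
        private readonly string[] _allowedRoles;

        public RoleDashboardAuthorizationFilter(params string[] allowedRoles)
        {
            // Refuse an empty role list so it can never be read as "allow everyone".
            if (allowedRoles == null || allowedRoles.Length == 0)
                throw new ArgumentException("At least one role is required.", nameof(allowedRoles));
            _allowedRoles = allowedRoles;
        }

        public bool Authorize(DashboardContext context)
        {
            // Fail closed: no request context or no principal means no access.
            var user = HttpContext.Current?.User;
            if (user?.Identity == null || !user.Identity.IsAuthenticated)
                return false;

            // Authenticated, but still denied unless the user holds an allowed role.
            return _allowedRoles.Any(user.IsInRole);
        }
    }

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Assigning Authorization replaces the default filter list,
            // so this filter alone decides who reaches the dashboard.
            app.UseHangfireDashboard("/jobs", new DashboardOptions
            {
                Authorization = new[]
                {
                    new RoleDashboardAuthorizationFilter("Account Administrator", "Administrator")
                }
            });
        }
    }
}
```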