CODEWITHSUNDEEP
c#azure-worker-roleshangfire
Yogi
Yogi

Reputation: 9759

Hangfire dashboard authorization in Azure WorkerRole OR Self Hosted application

It is very recent that I have introduced to Hangfire, and I must say it is awesome.

I am working on an application, wherein I am hosting hangfire in Azure worker role. Everything works perfect; the hangfire configuration, job scheduling, dashboard etc. except configuring authorization to hangfire dashboard.

I have added an OwinStartup class where I have configuring hangfire dashboard. I have used my custom implementation of IAuthorizationFilter and an OwinMiddleware, anticipating that user should now be prompted to provide credentials while accessing hangfire dashboard. But for no help, and it keep giving me 403 response when trying to access the dashboard. :(

It works perfectly alright if I don't use authorization filter option while configuring dashboard, but then everyone could access it.

This is my Startup class - 

    public void Configuration(IAppBuilder app)
    {
        app.UseWelcomePage("/");

        app.Use(typeof(AuthenticationMiddleware));

        app.UseHangfireDashboard("/hangfire", new DashboardOptions
        {
            AuthorizationFilters = new[] { new MyAuthorization() }
        });
    }

I have written OWIN middleware i.e. AuthenticationMiddleware as suggested here

...and my custom IAuthorizationFilter

public class MyAuthorization : IAuthorizationFilter
{
     public bool Authorize(IDictionary<string, object> owinEnvironment)
     {
         var context = new OwinContext(owinEnvironment);

         // Allow all authenticated users to see the Dashboard 
         return context.Authentication.User.Identity.IsAuthenticated;
     }
}

This is how I am configuring dashboard in OnStart method of my worker role. (ref)

var endpoint = RoleEnvironment.CurrentRoleInstance.InstanceEndpoints["WorkerRoleEndpoint"];
string baseUri = String.Format("{0}://{1}", endpoint.Protocol, endpoint.IPEndpoint);//http://127.0.0.1:81/hangfire

owinApp = WebApp.Start<HangfireDashboardStartup>(new StartOptions(url: baseUri));

I guess the solution for hangfire dashboard in self hosted applicatinon should work as well

Upvotes: 1

Views: 1860

Answers (1)

Yogi
Yogi

Reputation: 9759

The following nuget package come to rescue for basic authentication -

Thinktecture.IdentityModel.Owin.BasicAuthentication

The package is available here - https://www.nuget.org/packages/Thinktecture.IdentityModel.Owin.BasicAuthentication/)

Get this package and simply call the following in your owin startup class, instead of your custom middlewawre - 

app.UseBasicAuthentication("SomeName", ValidateUser);

...where ValidateUser is the function to validate the user.

    private Task<IEnumerable<Claim>> ValidateUser(string id, string secret)
    {
        if (id == secret) //Dummy validation, modify it accordingly
        {
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, id),
                new Claim(ClaimTypes.Role, "Foo")
            };
            return Task.FromResult<IEnumerable<Claim>>(claims);
        }
        return Task.FromResult<IEnumerable<Claim>>(null);
    }

And your are done! Now when you will access hangfire dashboard, you will be prompted for credentials.

Upvotes: 1

Related Questions