Hangfire dashboard authorization filter using basic authentication and relying on browser support to allow user to input username and password.

HFDashboardAuthFilter.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Hangfire.Annotations;
using Hangfire.Dashboard;
using Microsoft.AspNetCore.Http;

namespace MyApp.ScheduledTask
{
    public class HFDashboardAuthFilter : Hangfire.Dashboard.IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            var httpContext = context.GetHttpContext();

            var header = httpContext.Request.Headers["Authorization"];

            if (string.IsNullOrWhiteSpace(header))
            {
                SetChallengeResponse(httpContext);
                return false;
            }

            var authValues = System.Net.Http.Headers.AuthenticationHeaderValue.Parse(header);

            if (!"Basic".Equals(authValues.Scheme, StringComparison.InvariantCultureIgnoreCase))
            {
                SetChallengeResponse(httpContext);
                return false;
            }

            var parameter = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(authValues.Parameter));
            var parts = parameter.Split(':');

            if (parts.Length < 2)
            {
                SetChallengeResponse(httpContext);
                return false;
            }

            var username = parts[0];
            var password = parts[1];

            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
            {
                SetChallengeResponse(httpContext);
                return false;
            }

            if (username == "johndoe" && password == "123")
            {
                return true;
            }

            SetChallengeResponse(httpContext);
            return false;
        }

        private void SetChallengeResponse(HttpContext httpContext)
        {
            httpContext.Response.StatusCode = 401;
            httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Hangfire Dashboard\"");
            httpContext.Response.WriteAsync("Authentication is required.");
        }

    }
}

Works great, but how to sign out? Because the same Authorization header stays forever in requests ...

This gist uses HTTP basic authentication, so the way to log out is the same as other HTTP basic authentication, for example https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication

I haven't tried to log out though.

You are right: Basic Authentication wasn't designed to manage logging out. I will have to figure out something else. Thank you. *Beste Grüße/Best regards/Lep pozdrav,* *Matjaž Bravc* Senior Software Engineer at pmOne <http://www.pmone.com/> | +386 41 903 563 V V pon., 15. jul. 2019 ob 11:33 je oseba Endy Tjahjono < [email protected]> napisala:

…

This gist uses HTTP basic authentication, so the way to log out is the same as other HTTP basic authentication, for example https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication I haven't tried to log out though. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/a1cc8e2515e5e0d941a884fc6a6267f5?email_source=notifications&email_token=AJJUVC74QZGQCGPTVSP2QHLP7Q77RA5CNFSM4HJXXBW2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAFVJ54#gistcomment-2970590>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AJJUVC7ICQIANBTSG4F7TEDP7Q77RANCNFSM4HJXXBWQ> .

Does this Class get triggered when accessing /hangfire ?
And will the same idea work with .Net Framework ?

Esse código funciona rodando local, ao publicar em produção, fica em loop a solicitação de login e senha. Alguém sabe porque?

Nice work!

Recent viewers:

Now finally we have an official implementation... Hangfire.Dashboard.Authorization.Basic.

Wow man, this is amazing. I was struggling to find a good solution for API type projects. I had an idea with query strings, but then hangfire does not allow them. This solution is perfect, I honestly did not know you can trigger built in browser login popup!