Created
September 1, 2018 12:30
-
-
Save ndc/a1cc8e2515e5e0d941a884fc6a6267f5 to your computer and use it in GitHub Desktop.
Hangfire dashboard authorization filter using basic authentication and relying on browser support to allow user to input username and password.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Threading.Tasks; | |
using Hangfire.Annotations; | |
using Hangfire.Dashboard; | |
using Microsoft.AspNetCore.Http; | |
namespace MyApp.ScheduledTask | |
{ | |
public class HFDashboardAuthFilter : Hangfire.Dashboard.IDashboardAuthorizationFilter | |
{ | |
public bool Authorize([NotNull] DashboardContext context) | |
{ | |
var httpContext = context.GetHttpContext(); | |
var header = httpContext.Request.Headers["Authorization"]; | |
if (string.IsNullOrWhiteSpace(header)) | |
{ | |
SetChallengeResponse(httpContext); | |
return false; | |
} | |
var authValues = System.Net.Http.Headers.AuthenticationHeaderValue.Parse(header); | |
if (!"Basic".Equals(authValues.Scheme, StringComparison.InvariantCultureIgnoreCase)) | |
{ | |
SetChallengeResponse(httpContext); | |
return false; | |
} | |
var parameter = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(authValues.Parameter)); | |
var parts = parameter.Split(':'); | |
if (parts.Length < 2) | |
{ | |
SetChallengeResponse(httpContext); | |
return false; | |
} | |
var username = parts[0]; | |
var password = parts[1]; | |
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password)) | |
{ | |
SetChallengeResponse(httpContext); | |
return false; | |
} | |
if (username == "johndoe" && password == "123") | |
{ | |
return true; | |
} | |
SetChallengeResponse(httpContext); | |
return false; | |
} | |
private void SetChallengeResponse(HttpContext httpContext) | |
{ | |
httpContext.Response.StatusCode = 401; | |
httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Hangfire Dashboard\""); | |
httpContext.Response.WriteAsync("Authentication is required."); | |
} | |
} | |
} |
matjazbravc
commented
Jul 15, 2019
via email
You are right: Basic Authentication wasn't designed to manage logging out.
I will have to figure out something else.
Thank you.
*Beste Grüße/Best regards/Lep pozdrav,*
*Matjaž Bravc*
Senior Software Engineer at pmOne <http://www.pmone.com/> | +386 41 903 563
V V pon., 15. jul. 2019 ob 11:33 je oseba Endy Tjahjono <
[email protected]> napisala:
… This gist uses HTTP basic authentication, so the way to log out is the
same as other HTTP basic authentication, for example
https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication
I haven't tried to log out though.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/a1cc8e2515e5e0d941a884fc6a6267f5?email_source=notifications&email_token=AJJUVC74QZGQCGPTVSP2QHLP7Q77RA5CNFSM4HJXXBW2YY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAFVJ54#gistcomment-2970590>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AJJUVC7ICQIANBTSG4F7TEDP7Q77RANCNFSM4HJXXBWQ>
.
Does this Class get triggered when accessing /hangfire ?
And will the same idea work with .Net Framework ?
Esse código funciona rodando local, ao publicar em produção, fica em loop a solicitação de login e senha. Alguém sabe porque?
Nice work!
Recent viewers:
Now finally we have an official implementation... Hangfire.Dashboard.Authorization.Basic.
Wow man, this is amazing. I was struggling to find a good solution for API type projects. I had an idea with query strings, but then hangfire does not allow them. This solution is perfect, I honestly did not know you can trigger built in browser login popup!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment