Skip to content

Instantly share code, notes, and snippets.

@ndc
Created September 1, 2018 12:30
Show Gist options
  • Save ndc/a1cc8e2515e5e0d941a884fc6a6267f5 to your computer and use it in GitHub Desktop.
Save ndc/a1cc8e2515e5e0d941a884fc6a6267f5 to your computer and use it in GitHub Desktop.
Hangfire dashboard authorization filter using basic authentication and relying on browser support to allow user to input username and password.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Hangfire.Annotations;
using Hangfire.Dashboard;
using Microsoft.AspNetCore.Http;
namespace MyApp.ScheduledTask
{
public class HFDashboardAuthFilter : Hangfire.Dashboard.IDashboardAuthorizationFilter
{
public bool Authorize([NotNull] DashboardContext context)
{
var httpContext = context.GetHttpContext();
var header = httpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(header))
{
SetChallengeResponse(httpContext);
return false;
}
var authValues = System.Net.Http.Headers.AuthenticationHeaderValue.Parse(header);
if (!"Basic".Equals(authValues.Scheme, StringComparison.InvariantCultureIgnoreCase))
{
SetChallengeResponse(httpContext);
return false;
}
var parameter = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(authValues.Parameter));
var parts = parameter.Split(':');
if (parts.Length < 2)
{
SetChallengeResponse(httpContext);
return false;
}
var username = parts[0];
var password = parts[1];
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
{
SetChallengeResponse(httpContext);
return false;
}
if (username == "johndoe" && password == "123")
{
return true;
}
SetChallengeResponse(httpContext);
return false;
}
private void SetChallengeResponse(HttpContext httpContext)
{
httpContext.Response.StatusCode = 401;
httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Hangfire Dashboard\"");
httpContext.Response.WriteAsync("Authentication is required.");
}
}
}
@kaveshy
Copy link

kaveshy commented Aug 12, 2019

Does this Class get triggered when accessing /hangfire ?
And will the same idea work with .Net Framework ?

@rmotam
Copy link

rmotam commented Jul 22, 2020

Esse código funciona rodando local, ao publicar em produção, fica em loop a solicitação de login e senha. Alguém sabe porque?

@igorgomeslima
Copy link

igorgomeslima commented Mar 16, 2022

Nice work!

Recent viewers:

Now finally we have an official implementation... Hangfire.Dashboard.Authorization.Basic.

@vukasinpetrovic
Copy link

Wow man, this is amazing. I was struggling to find a good solution for API type projects. I had an idea with query strings, but then hangfire does not allow them. This solution is perfect, I honestly did not know you can trigger built in browser login popup!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment