I’m trying to run the Hangfire dashboard in the same project as my Web API.
I want to secure the dashboard from unauthorized users.
Because the security I want to apply is different from the security on the Web API, I map the dashboard endpoint to a separate configuration.
Inside the Authorize method of HangfireAuthorizationFilter, owinContext.Authentication.User is always null, so the authentication I have defined does not seem to be taken into account.
When I place my code outside the Map function, then it works as expected.
Am I doing something wrong or is something going wrong in passing the authentication filters?
Thanks
app.Map("/jobs", jobsApp =>
{
    // Authentication middleware is registered on this branch before the
    // dashboard, so it sits ahead of the dashboard in the branch's pipeline.
    jobsApp.UseRequestScopeContext();
    jobsApp.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    jobsApp.UseCookieAuthentication(new CookieAuthenticationOptions());

    // OpenID Connect settings for this branch only; the three values are
    // placeholders in the post and must be supplied by the deployment.
    var openIdConnectOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = <clientid>,
        Authority = <authority>,
        PostLogoutRedirectUri = <logouturi>
    };
    jobsApp.UseOpenIdConnectAuthentication(openIdConnectOptions);

    // The dashboard is gated solely by HangfireAuthorizationFilter, so that
    // filter is the access-control decision for everything under "/jobs".
    var dashboardOptions = new DashboardOptions
    {
        Authorization = new[] { new HangfireAuthorizationFilter() }
    };

    // Empty path: the dashboard is served at the root of the mapped branch.
    jobsApp.UseHangfireDashboard("", dashboardOptions);
    jobsApp.UseHangfireServer();
});
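/// <summary>
/// Dashboard authorization filter that admits a request only when the OWIN
/// context carries an authenticated principal.
/// </summary>
/// <remarks>
/// This checks authentication only: any signed-in identity passes. If the
/// dashboard should be limited to a subset of users, add a role or claim
/// check here as well.
/// </remarks>
public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter
{
    /// <summary>
    /// Decides whether the current request may see the dashboard.
    /// </summary>
    /// <param name="dashboardContext">Dashboard request context from which the OWIN environment is read.</param>
    /// <returns>
    /// <c>true</c> when the request has an authenticated identity; <c>false</c>
    /// when there is no principal, no identity, or the identity is not authenticated.
    /// </returns>
    public bool Authorize(DashboardContext dashboardContext)
    {
        var owinEnvironment = dashboardContext.GetOwinEnvironment();
        var owinContext = new OwinContext(owinEnvironment);

        // Authentication.User can be null when no authentication middleware has
        // populated the request. Deny access in that case instead of throwing a
        // NullReferenceException, so the filter fails closed.
        var user = owinContext.Authentication.User;
        if (user == null || user.Identity == null)
        {
            return false;
        }

        return user.Identity.IsAuthenticated;
    }
}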