The current DashboardOptions constructor sets the LocalRequestsOnlyAuthorizationFilter
as a default filter. When you setup your Hangfire Dashboard using the new endpoints pattern and set an authorization policy it still goes ahead and uses the default anyway. To circumvent it we need to pass an empty list to Authorization
as shown below.
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers()
.RequireAuthorization();
endpoints.MapHangfireDashboard("/dashboard/hangfire", new DashboardOptions()
{
// We need to pass an empty list or Hangfire will use a local authorization filter
Authorization = new List<IDashboardAuthorizationFilter>()
})
.RequireAuthorization("hangfire-specific-auth-scheme");
});
The new extension method introduced in this PR supports passing an authorization policy name and removes the LocalRequestsOnlyAuthorizationFilter
from the default if no DashboardOptions
instance has been passed.