The current DashboardOptions constructor sets the LocalRequestsOnlyAuthorizationFilter as a default filter. When you setup your Hangfire Dashboard using the new endpoints pattern and set an authorization policy it still goes ahead and uses the default anyway. To circumvent it we need to pass an empty list to Authorization as shown below.
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers()
.RequireAuthorization();
endpoints.MapHangfireDashboard("/dashboard/hangfire", new DashboardOptions()
{
// We need to pass an empty list or Hangfire will use a local authorization filter
Authorization = new List<IDashboardAuthorizationFilter>()
})
.RequireAuthorization("hangfire-specific-auth-scheme");
});
The new extension method introduced in this PR supports passing an authorization policy name and removes the LocalRequestsOnlyAuthorizationFilter from the default if no DashboardOptions instance has been passed.