Dashboard authorization via session

JustinAren · April 14, 2017, 9:55am

Hi all,

I want to use the current session to authorize users to view the dashboard. It all works well, but when I want to see the details of a job, or want to delete or trigger a job, the current session is null and the action is not performed.

I have the following authorization code:

public bool Authorize(DashboardContext context)
{
	var aspSession = HttpContext.Current.Session;
			
	var userId = aspSession?["user_id"];

	// if no userId was found, reject access to the dashboard 
	if (userId == null) return false;

	var user = UserAccount.LoadFromCentralizedCache((int)userId);

	return user.HasPermission("Some permission", 1);
}

Am I doing something wrong?

Thanks in advance,

Justin

farinha · June 20, 2017, 10:54am

I’m finding the same issue. As far as I can tell, at that point in the .NET pipeline Session is not set yet. But like you, I’m relying on Session to store certain information about the user (including the roles) so I don’t have to hit the database for every request.

Maybe a better solution is to use an IPrincipal or one such mechanism to store the roles.

Have you had any luck in finding a solution to this?

Topic		Replies	Views
Hooking up usermanager authorization question authorization	1	1408	March 17, 2020
Post requests in dashboard have no Session question dashboard	2	4978	July 31, 2016
Pass dashboard user ID to the triggered process in .NET Core app question dashboard , aspnetcore , security	0	154	May 28, 2024
Dashboard is not working on production mode question authorization , dashboard	1	1518	January 21, 2021
Hangfire Dashboard Authorization not working question dashboard	1	1272	September 30, 2019

Dashboard authorization via session

Related topics