Exposing Hangfire Dashboard hosted by Windows Service to public URL with Authentication

Terry_Aney · April 15, 2018, 3:29pm

Hi, I am hosting Hangfire in a Windows service and currently I can only access the dashboard via internal IP/address via following code snippets:

In service Start method…

var options = new StartOptions();
options.Urls.Add( "http://localhost:9095" );
options.Urls.Add( "http://127.0.0.1:9095" );
options.Urls.Add( $"http://{ConfigurationHelper.IPAddress}:9095" );
options.Urls.Add( $"http://{Environment.MachineName}:9095" );

webApp = WebApp.Start<Startup>( options );

In Startup.Configuration( IAppBuilder app )

app.UseHangfireDashboard( "/hangfire", new DashboardOptions
{
	Authorization = new[] { new LocalNetworkAuthorizationFilter() },
} );

And the filter implementation is as simple as the following:

public class LocalNetworkAuthorizationFilter : IDashboardAuthorizationFilter
{
	public bool Authorize( [NotNull] DashboardContext context ) => true;
}

I can’t remember where I found this sample to always allow local network access however. Anyway, I want to expose the dashboard to a public url with the simplest form of authentication that is possible. I tried looking at the HangfireIO/Hangfire.Dashboard.Authorization nuget package but there were a few problems.

a) It was using code marked as obsolete which gave me pause.
b) When I tried to implement the BasicAuthAuthorizationFilter and use it, then the dashboard would no longer display.
c) With no sample code in the package (other than the readme), I was kind of stuck.

So I’m hoping someone can point me towards some sample code that has done something similar? Don’t know if I can use Windows Authentication on the public url or not, but that would be fine too.

Thanks in advance.

Hans_Engelen · April 18, 2018, 10:49am

There is an updated package on Nuget for authorization that fixes this https://www.nuget.org/packages/Hangfire.Dashboard.Authorization.Unofficial/

Also be aware that when using a selfhosted dashboard there are some considerations stemming from OWIN (and lower) that might require you to authorize the port to be opened by the selfhosted dashboard (normally only if the dashboard runs as a non-windows-admin account).

Contrary to the loopback (i.e. localhost) interface which is open for all users, the ports on ‘real’ network interfaces are more secured.

See (just one example, google has loads more) : https://stackoverflow.com/questions/24976425/running-self-hosted-owin-web-api-under-non-admin-account

Terry_Aney · April 18, 2018, 1:14pm

Perfect, thanks. it worked. Not sure if it was the updated package or the fact that I missed that the Ssl properties should be set to false in my development environment. But it is working as desired.

Sanjay_Kumawat · September 10, 2019, 4:21pm

Hey Terry,

Could you please provide steps or code sample on how did you expose hangfire dashboard with authentication to public url in windows service ? Thanks!

Topic		Replies	Views
Dashboard Access with windows authentication question configuration , authorization , dashboard	1	11213	October 30, 2015
Hangfire Dashboard Not Accessible Remotely question dashboard	3	2379	February 22, 2022
Use Dashboard Authentication in Web Api core question	7	15067	September 28, 2023
How do I apply hangfire dashboard open free for all? question	1	698	March 23, 2020
Hangfire running on localhost but not on custom domain bindings in IIS bug? dashboard	0	1192	October 1, 2019

Exposing Hangfire Dashboard hosted by Windows Service to public URL with Authentication

Related topics