/hangfire path on staging machine throws a 401 Unauthorized


#1

Hello, I’m trying your project is just what I’m looking for! I tested on my VS2012 with IIS Express and works very well but when Installed on staging machine (with IIS 7) the dashboard get me a 401 Unauthorized, any idea why?

thanks!


#2

Well, Now I read the documentation, jeje… I understand that the dashboard is not published to web. You can close the topic, thanks!


#3

Hello! I also have read the documentation about authorization but didn’t understand how to allow access to everybody or what users and roles are mentioned in docs?

Users = "admin, superuser", // allow only specified users
Roles = "admins" // allow only specified roles

where are they being created and managered?


#4

is anybody here?////


#5

@lunyov_vadim, sorry for the delay. Unfortunately, my budget related to Hangfire came to its logical end. I moved to a new job, but found that I have no time to keep the new job, this project and my life in a balance. Currently I’m looking for an external investments to be able to support the project in a long term. Hope you understand me.

But back to the topic. You can allow everyone to access the dashboard by passing no arguments to the UseAuthorizationFilters method:

app.UseHangfire(config =>
{
    config.UseAuthorizationFilters();
}

But I don’t recommend this method for security reasons. That is why remote connections are disallowed by default – to not to introduce the security hole.

Role and user based authorization works similar to the AuthorizeAttribute class for ASP.NET MVC framework – it is based on a regular ASP.NET (or OWIN) authorization provided by ASP.NET Identity, SimpleMembershipProvider and legacy MembershipProvider libraries and classes. You can google for “ASP.NET MVC authorization” to install support for user and role management.


#6

great thanks! will try it!


#8

This seems to be a dated answer.
I’ve done the following in a dotnet core app but it’s still not working when deployed as a docker:

container.
applicationBuilder.UseHangfireServer();
var dashboardOptions =
            new DashboardOptions
            {
                IgnoreAntiforgeryToken = true
            };
 applicationBuilder.UseHangfireDashboard("", dashboardOptions);

Does anybody know how to fix the problem with the /hangfire being unauthorized? I see something regarding an antiforgery token not being able to be decrypted so that’s why I tried the above.

Thank you


#9

@iberodev You need to override the Authorization property, for example:

options.Authorization = new[] { new DashboardNoAuthorizationFilter() };

I wrote the following simple filter referenced above for that purpose, be sure to only use it if environment.IsDevelopment() is true:

public class DashboardNoAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize(DashboardContext dashboardContext)
        {
            return true;
        }
    }