.NET Core IDashboardAuthorizationFilter and Authentication


#1

When using IDashboardAuthorizationFilter and services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) there seems to be an issue.

When the IDashboardAuthorizationFilter returns only true, the ‘stats’ API call responds with a 200.

But when adding logic to the filter, the API call responds with 403 despite returning true.

Has anyone experienced a similar issue?

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    private readonly TokenValidationParameters _parameters;

    public HangFireAuthorizationFilter(TokenValidationParameters parameters)
    {
        _parameters = parameters;
    }

    public bool Authorize([NotNull] DashboardContext context)
    {

        // the below returns 403 when using it, but does not hit any return false statements
        var httpContext = context.GetHttpContext();
        var accessToken = httpContext.Request.Cookies["accessToken"];
        if (string.IsNullOrEmpty(accessToken))
        {
            return false;
        }

        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.ReadToken(accessToken);
        if (token == null)
        {
            return false;
        }

        try
        {
            var identity = tokenHandler.ValidateToken(accessToken, _parameters, out var securityToken);
            if (securityToken == null)
            {
                return false;
            }

            httpContext.User = identity;
            return true;
        }
        catch
        {
            // SecurityTokenExpiredException etc.
            return false;
        }
    }
}

Is it something we are missing?


#2

Removing httpContext.User = identity; seems to do the trick. So never mind :slight_smile:
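
The filter from post #1 with the change from post #2 applied, as an added example that is not code from either poster or from the Hangfire project: the decision is taken from the validated principal and `httpContext.User` is never assigned. The `requiredRole` parameter is a hypothetical addition, and the `CanReadToken` check is added so that a malformed cookie value is denied rather than throwing.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using Hangfire.Annotations;
using Hangfire.Dashboard;
using Microsoft.IdentityModel.Tokens;

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    private readonly TokenValidationParameters _parameters;
    // Hypothetical: role name chosen by the application; null skips the role check.
    private readonly string _requiredRole;

    public HangFireAuthorizationFilter(TokenValidationParameters parameters, string requiredRole = null)
    {
        _parameters = parameters ?? throw new ArgumentNullException(nameof(parameters));
        _requiredRole = requiredRole;
    }

    public bool Authorize([NotNull] DashboardContext context)
    {
        var httpContext = context.GetHttpContext();
        var accessToken = httpContext.Request.Cookies["accessToken"];
        if (string.IsNullOrEmpty(accessToken)) return false;

        var tokenHandler = new JwtSecurityTokenHandler();
        // A cookie value that is not a well-formed JWT is denied without throwing.
        if (!tokenHandler.CanReadToken(accessToken)) return false;

        try
        {
            // Signature, issuer, audience and lifetime are checked against _parameters.
            var principal = tokenHandler.ValidateToken(accessToken, _parameters, out var securityToken);
            if (securityToken == null || principal.Identity?.IsAuthenticated != true) return false;

            // Decide from the validated principal only; httpContext.User is left untouched.
            return _requiredRole == null || principal.IsInRole(_requiredRole);
        }
        catch (Exception)
        {
            // SecurityTokenExpiredException, invalid signature, etc.: deny.
            return false;
        }
    }
}
```

The filter is registered through `DashboardOptions.Authorization` when calling `app.UseHangfireDashboard(...)`.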