Still Getting 403 After Authenticating


I am attempting to use OpenId Connect to authenticate to the dashboard. I am using policies and endpoint routing to configure the dashboard for authentication.

I’m adding the policy here:

/// <summary>
/// Registers authentication, authorization, SignalR, Hangfire and MVC services.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Sign-in is handled by Microsoft.Identity.Web using the settings in Configuration.
    services.AddMicrosoftIdentityWebAppAuthentication(Configuration);

    services.AddRazorPages();

    // NOTE(review): detailed errors send server exception messages to SignalR clients.
    // This is switched on for every environment here; confirm that is intended outside development.
    services.AddSignalR(hub => hub.EnableDetailedErrors = true);

    // Bind the "ApplicationConfig" section once and share the resulting instance.
    var appConfig = new ApplicationConfig();
    Configuration.Bind("ApplicationConfig", appConfig);
    services.AddSingleton(appConfig);

    // Named policy that MapHangfireDashboard(...).RequireAuthorization("Hangfire") refers to.
    // It authenticates against the OpenID Connect scheme and accepts ANY signed-in user.
    // NOTE(review): the dashboard is an administrative surface; consider also requiring
    // a role or claim so that not every account the identity provider admits can open it.
    services.AddAuthorization(authorization =>
        authorization.AddPolicy("Hangfire", hangfirePolicy =>
            hangfirePolicy
                .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()));

    services.AddHangfire(hangfire =>
    {
        var storageOptions = new SqlServerStorageOptions
        {
            CommandBatchMaxTimeout = TimeSpan.FromMinutes(5),
            SlidingInvisibilityTimeout = TimeSpan.FromMinutes(5),
            QueuePollInterval = TimeSpan.Zero,
            UseRecommendedIsolationLevel = true,
            DisableGlobalLocks = true
        };

        hangfire
            .SetDataCompatibilityLevel(CompatibilityLevel.Version_170)
            .UseSimpleAssemblyNameTypeSerializer()
            .UseRecommendedSerializerSettings()
            .UseSqlServerStorage(Configuration.GetConnectionString("HangfireConnection"), storageOptions);
    });
    services.AddHangfireServer();

    // Global MVC filter: every controller action requires an authenticated user.
    services
        .AddControllersWithViews(mvc =>
        {
            var requireSignIn = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            mvc.Filters.Add(new AuthorizeFilter(requireSignIn));
        })
        .AddMicrosoftIdentityUI();
}

And I am setting up the routing here:

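/// <summary>
/// Builds the HTTP request pipeline and maps the application's endpoints,
/// including the Hangfire dashboard at "/hangfire".
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error-handling middleware.</param>
/// <param name="backgroundJobs">The Hangfire job client (not used in this method).</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IBackgroundJobClient backgroundJobs)
{
    if (env.IsDevelopment())
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseRouting();

    // Authentication has to run before authorization, and both have to sit between
    // UseRouting and UseEndpoints so that endpoint policies are evaluated.
    app.UseAuthentication();
    app.UseAuthorization();

    // Do not also call app.UseHangfireDashboard() here. That call registers the dashboard
    // middleware with default options, whose built-in filter only allows local requests.
    // It would handle "/hangfire" before the endpoint mapped below, so a remote user
    // would be sent to sign in and then still receive 403.

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();

        // The empty filter list replaces Hangfire's default (local-requests-only) dashboard
        // filter, so the "Hangfire" policy applied with RequireAuthorization is the ONLY
        // access control on the dashboard. Removing RequireAuthorization while keeping the
        // empty list would leave the dashboard open to everyone.
        // NOTE(review): the policy registered in ConfigureServices only requires an
        // authenticated user; the dashboard can trigger and delete jobs, so consider
        // restricting it to a role or claim.
        endpoints.MapHangfireDashboard("/hangfire", new DashboardOptions()
        {
            Authorization = new List<IDashboardAuthorizationFilter> { }
        })
        .RequireAuthorization("Hangfire");
    });
}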

If I attempt to go to the Hangfire dashboard in production, it directs me to sign in, and after doing so it brings me to a white page where I get a 403 response.

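After a bit more time I found that including app.UseHangfireDashboard() was causing the issue. That call registers the dashboard middleware with its default options, which only allow local requests, so a remote request is rejected with 403 even after signing in. If you are using policies and endpoint routing, just specify the endpoint routing (MapHangfireDashboard with RequireAuthorization) and leave out the app.UseHangfireDashboard() call.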