Use Dashboard Authentication in Web Api core


#1

Hi am new to hangfire , So struggling to find a way to put authentication to dashboard page. Am using Hangfire in webapi so basically i dont have a login page. Can any one explain how to implement Authentication and Authorization in hangfire.

I have Implement IDashboardAuthorizationFilter and Authorize method got hit. But Is Authenticated always return false. Kindly some one help me out ):


#2

There is a Nuget Package that would help you to get started : Hangfire.Dashboard.Authorization

The problem is that this one is a little out of date it seems. Luckily someone forked it and created an updated package namely : Hangfire.Dashboard.Authorization.Unofficial and it’s Github page is Github Hangfire.Dashboard.Authorization where you can find some easy and quick samples to get started.

As I already mentioned in other posts be aware that if your dashboard runs in a selfhosted service that runs under a non-administrator windows account you will probably need to set up privileges for this user to be allowed to bind to a ‘public’ (i.e. not localhost loopback) network port. This is a restriction that is imposed by windows on Owin/HttpListener/etc and not Hangfire, see MSDN add urlacl documentation


#3

The packages @Hans_Engelen mentions, as indicated by the name, only handles the authorization part - not authentication. That you should implement somehow yourself.

Without a strategy for authentication you will find that IsAuthentication in your DashboardAuthorizationFilter will always be false since, well, you haven’t done any authentication, that is, establishing then identity of the caller somehow, either via ie. a cookie or header-token.

Only when you have established the identity of the caller are you able to do a proper authorization based on who they are, and that’s what you do in the DashboardAuthorizationFilter.


#4

Ya thanks for the response . I thought this but waiting for some trustable resource to confirm that. As you mentioned i have used query string to validate and send back the token to response to save as cookie . Subsequent calls i checking the cookies .


#5

I’m also in this same situation. @Dhanaselvam, how did you end up handling your authentication? Like you mentioned, as an API project, there’s no out-of-the-box login functionality.


#6

I figured it out. I’m using Okta to handle my authentication and had to use this workaround to get it to work as expected.


#7

I have made a Github Gist of my implementation of IDashboardAuthorizationFilter. It’s from the Hangfire.Dashboard.Authorization project but with a lot of parts removed. Perhaps you can compare your implementation with it.

It uses basic authentication with hardcoded username and password. The browser will open a dialog window to let the user input username and password.