Hi am new to hangfire , So struggling to find a way to put authentication to dashboard page. Am using Hangfire in webapi so basically i dont have a login page. Can any one explain how to implement Authentication and Authorization in hangfire.
I have Implement IDashboardAuthorizationFilter and Authorize method got hit. But Is Authenticated always return false. Kindly some one help me out ):
As I already mentioned in other posts be aware that if your dashboard runs in a selfhosted service that runs under a non-administrator windows account you will probably need to set up privileges for this user to be allowed to bind to a ‘public’ (i.e. not localhost loopback) network port. This is a restriction that is imposed by windows on Owin/HttpListener/etc and not Hangfire, see MSDN add urlacl documentation
The packages @Hans_Engelen mentions, as indicated by the name, only handles the authorization part - not authentication. That you should implement somehow yourself.
Without a strategy for authentication you will find that IsAuthentication in your DashboardAuthorizationFilter will always be false since, well, you haven’t done any authentication, that is, establishing then identity of the caller somehow, either via ie. a cookie or header-token.
Only when you have established the identity of the caller are you able to do a proper authorization based on who they are, and that’s what you do in the DashboardAuthorizationFilter.
Ya thanks for the response . I thought this but waiting for some trustable resource to confirm that. As you mentioned i have used query string to validate and send back the token to response to save as cookie . Subsequent calls i checking the cookies .
I have made a Github Gist of my implementation of IDashboardAuthorizationFilter. It’s from the Hangfire.Dashboard.Authorization project but with a lot of parts removed. Perhaps you can compare your implementation with it.
It uses basic authentication with hardcoded username and password. The browser will open a dialog window to let the user input username and password.