Hangfire仪表板授权配置不工作

时间:2022-11-07 04:05:33

I've downloaded the nu-get package Hangfire.Dashboard.Authorization

我已经下载了nuget包Hangfire.Dashboard.Authorization

I'm trying configure the OWIN based authorization as per the docs as follows but I get intellisense error DashboardOptions.AuthorizationFilters is obsolete please use Authorization property instead

我正在尝试按照文档的方式配置OWIN基于文档的授权,但是我得到了intellisense error DashboardOptions。授权过滤器已过时,请使用授权属性代替

I also get intellisense error The type or namespace AuthorizationFilter and ClaimsBasedAuthorizationFilterd not be found

我还得到了intellisense错误,类型或名称空间AuthorizationFilter和ClaimsBasedAuthorizationFilterd没有找到

using Hangfire.Dashboard;
using Hangfire.SqlServer;
using Owin;
using System;

namespace MyApp
{
    public class Hangfire
    {
       public static void ConfigureHangfire(IAppBuilder app)
        {
           GlobalConfiguration.Configuration
           .UseSqlServerStorage(
               "ApplicationDbContext",
                new SqlServerStorageOptions 
                  { QueuePollInterval = TimeSpan.FromSeconds(1) });

           var options = new DashboardOptions
           {
               AuthorizationFilters = new[]
               {
                  new AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" },
                  new ClaimsBasedAuthorizationFilter("name", "value")
               }
           };

           app.UseHangfireDashboard("/hangfire", options);
           app.UseHangfireServer();
        }
    }
}

* UPDATE *

*更新*

Since the above nuget package doesnt work I've attempted to create my own custom filter:

由于上面的nuget包不起作用,我尝试创建我自己的自定义过滤器:

public class HangfireAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        // In case you need an OWIN context, use the next line,
        // `OwinContext` class is the part of the `Microsoft.Owin` package.
        var context = new OwinContext(owinEnvironment);

        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        return context.Authentication.User.Identity.IsAuthenticated;
    }
}

How do I restrict to only Admin roles i.e what is the syntax?

如何只限制管理角色I。语法是什么?

2 个解决方案

#1

14  

You need to make sure the Configure(app) method is called in your Startup.cs class before configuring your hangfire dashboard.

您需要确保在启动时调用Configure(app)方法。cs类在配置您的hangfire仪表板之前。

  public partial class Startup
{
    private static readonly ILog log = 
        LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod
    ().DeclaringType);


    public void Configuration(IAppBuilder app)
    {

        //Hangfire Config
        GlobalConfiguration.Configuration.UseSqlServerStorage
            ("HangFireJobs");
        app.UseHangfireServer();

        log.Debug("Application Started");

        ConfigureAuth(app);


        //this call placement is important
        var options = new DashboardOptions
        {
            Authorization = new[] { new CustomAuthorizationFilter() }
        };
        app.UseHangfireDashboard("/hangfire", options);
    }
}

Then in your auth config class you can do something as simple as this :

然后在您的auth配置类中,您可以做如下简单的事情:

  public class CustomAuthorizationFilter : IDashboardAuthorizationFilter
{ 

    public bool Authorize(DashboardContext context)
    {
        if (HttpContext.Current.User.IsInRole("Admin"))
        {
            return true; 
        }

        return false; 
    }
}

#2

1  

Defining the dashboard options in this way worked for me -

以这种方式定义仪表板选项对我很有用

    var options = new DashboardOptions
    {
        AuthorizationFilters = new List<IAuthorizationFilter>
       {
          new Hangfire.Dashboard.AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" },
          new Hangfire.Dashboard.ClaimsBasedAuthorizationFilter("name", "value")
       }
    };

I have imported the following namespaces -

我导入了以下名称空间-

using System;
using Owin;
using Hangfire;
using Hangfire.Dashboard;
using System.Collections.Generic;
using Hangfire.SqlServer;

Yes it is showing me the deprecated warning for AuthorizationFilters and suggest to use Authorization, basically the IAuthorizationFilter interface is going to removed in version 2.0, and IDashboardAuthorizationFilter interface has to be used.

是的,它向我显示了AuthorizationFilters的废弃警告,并建议使用授权,基本上IAuthorizationFilter接口将在2.0版本中删除,必须使用IDashboardAuthorizationFilter接口。

For this you can create your own custom filter implementing IDashboardAuthorizationFilter and use this instead.

为此,您可以创建自己的自定义过滤器实现IDashboardAuthorizationFilter并使用它。

public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        //Implement
    }
}

#1

14  

You need to make sure the Configure(app) method is called in your Startup.cs class before configuring your hangfire dashboard.

您需要确保在启动时调用Configure(app)方法。cs类在配置您的hangfire仪表板之前。

  public partial class Startup
{
    private static readonly ILog log = 
        LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod
    ().DeclaringType);


    public void Configuration(IAppBuilder app)
    {

        //Hangfire Config
        GlobalConfiguration.Configuration.UseSqlServerStorage
            ("HangFireJobs");
        app.UseHangfireServer();

        log.Debug("Application Started");

        ConfigureAuth(app);


        //this call placement is important
        var options = new DashboardOptions
        {
            Authorization = new[] { new CustomAuthorizationFilter() }
        };
        app.UseHangfireDashboard("/hangfire", options);
    }
}

Then in your auth config class you can do something as simple as this :

然后在您的auth配置类中,您可以做如下简单的事情:

  public class CustomAuthorizationFilter : IDashboardAuthorizationFilter
{ 

    public bool Authorize(DashboardContext context)
    {
        if (HttpContext.Current.User.IsInRole("Admin"))
        {
            return true; 
        }

        return false; 
    }
}

#2

1  

Defining the dashboard options in this way worked for me -

以这种方式定义仪表板选项对我很有用

    var options = new DashboardOptions
    {
        AuthorizationFilters = new List<IAuthorizationFilter>
       {
          new Hangfire.Dashboard.AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" },
          new Hangfire.Dashboard.ClaimsBasedAuthorizationFilter("name", "value")
       }
    };

I have imported the following namespaces -

我导入了以下名称空间-

using System;
using Owin;
using Hangfire;
using Hangfire.Dashboard;
using System.Collections.Generic;
using Hangfire.SqlServer;

Yes it is showing me the deprecated warning for AuthorizationFilters and suggest to use Authorization, basically the IAuthorizationFilter interface is going to removed in version 2.0, and IDashboardAuthorizationFilter interface has to be used.

是的,它向我显示了AuthorizationFilters的废弃警告,并建议使用授权,基本上IAuthorizationFilter接口将在2.0版本中删除,必须使用IDashboardAuthorizationFilter接口。

For this you can create your own custom filter implementing IDashboardAuthorizationFilter and use this instead.

为此,您可以创建自己的自定义过滤器实现IDashboardAuthorizationFilter并使用它。

public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        //Implement
    }
}
标签:

相关文章