为什么迟发型需要身份验证，查看仪表盘 [英] Why is Hangfire requiring authentication to view dashboard

问题描述

我正在迟发型我的MVC Web应用程序中，但每当我试图导航到的http：// MyApp的/迟发型，它重定向我到我的应用程序的登录页面，虽然我没有登录。

我还没有明确配置的授权......例如的任何要求。我有以下在web.config中，但随后拿出来在试图得到这个工作。

 ＆LT;位置路径=迟发型＆GT;
＆LT;＆的System.Web GT;
  ＆LT;授权＆GT;
    ＆LT;让角色=管理员/＆GT;
    ＆LT;拒绝用户=*/＆GT;
  ＆LT; /授权＆GT;
＆LT; /system.web>
 

在理论上，这是我想要的东西，当我登录到我的主要的Web应用程序，我将与管理​​角色的身份登录所以这个规则应该的工作。

不过，我是否有配置在web.config与否，每当我试图导航到的http：// MyApp的/迟发型，它重定向我到我的应用程序登录页面，在web.config配置：

 ＆LT;身份验证模式=表格＆GT;
  ＆LT;形式loginUrl =〜/帐号/登录超时=960/＆GT;
＆LT; /认证＆GT;
 

它不这样做我的本地机器上，就当我发表我的主机。难道迟发型无法识别身份验证cookie，我的主要的应用程序，当我登录提供？我认为在一般情况下，迟发型应用程序不需要身份验证，所以有什么其他的配置，可以认为它呢？

更新1：

我说的每迟发型文档授权过滤器，但同样的事情发生。这里是我的code在Startup.cs：

 使用迟发型;
使用Hangfire.Logging;
使用Hangfire.Dashboard;
使用Hangfire.SqlServer;
使用Microsoft.Owin;
使用OTIS.Web.App code;
使用OTISScheduler.AppServ;
使用Owin;
使用System.Web.Security;[大会：OwinStartup（typeof运算（OTIS.Web.App_Start.Startup））]
命名空间OTIS.Web.App_Start
{
    公共类启动
    {
        公共无效配置（IAppBuilder应用程序）{            app.UseHangfire（配置=＆GT; {
                config.UseSqlServerStorage（DefaultConnection）;
                config.UseServer（）;                //授权仪表板
                config.UseAuthorizationFilters（新AuthorizationFilter
                {
                    用户=USERA，//仅允许指定用户（逗号分隔的列表）
                    角色=帐户管理员，管理员//只允许指定的角色（逗号分隔的列表）
                }）;
            }）;            LogProvider.SetCurrentLogProvider（新StubLogProviderForHangfire（））;            GlobalJobFilters.Filters.Add（新AutomaticRetryAttribute {尝试= 0}）;            VAR scheduleTasksInitializer =新ScheduleTasksInitializer（）;            scheduleTasksInitializer.ScheduleTasks（）;
        }
    }
}
 

更新2：

每更显示了基本的身份验证的详细说明，我也尝试过这...仍然没有luck..redirects我对我的应用程序的登录页面。

  config.UseAuthorizationFilters（
新BasicAuthAuthorizationFilter（
    新BasicAuthAuthorizationFilterOptions
    {
        //需要仪表板安全连接
        RequireSsl =假，
        SslRedirect =假，        //区分大小写登录检查
        LoginCaseSensitive = TRUE，        //用户
        用户=新[]
        {
            新BasicAuthAuthorizationUser
            {
                登录=MyLogin                //密码为纯文本
                PasswordClear =MYPWD
            }
        }
    }））;
 

解决方案

终于得到了它的工作。我创建了自己AuthorizationFilter类（见下文）。
然后，我通过了在Startup.cs配置方法MapHangfireDashboard方法（见下文了）

 公共类HangFireAuthorizationFilter：个IAuthorizationFilter
{
    公共BOOL授权（IDictionary的＆LT;字符串对象＆gt; owinEnvironment）
    {
        布尔boolAuthorizeCurrentUserToAccessHangFireDashboard = FALSE;        如果（HttpContext.Current.User.Identity.IsAuthenticated）
        {
            如果（HttpContext.Current.User.IsInRole（账户管理））
                boolAuthorizeCurrentUserToAccessHangFireDashboard = TRUE;
        }        返回boolAuthorizeCurrentUserToAccessHangFireDashboard;
    }
}
 

要迟发型映射到一个自定义的网址，并指定AuthorizationFilter使用方法：

 公共无效配置（IAppBuilder应用程序）{    //从web.config中获取确定火起来迟发型调度与否    app.UseHangfire（配置=＆GT; {
        config.UseSqlServerStorage（DefaultConnection）;
        config.UseServer（）;
    }）;    //地图迟发型到一个URL，并指定授权过滤器使用，以允许访问
    app.MapHangfireDashboard（/管理/工作，新的[] {新HangFireAuthorizationFilter（）}）;}
 

I am running HangFire within my MVC web app but whenever I try to navigate to http://MyApp/hangfire, it redirects me to my app's login page as though I am not logged in.

I have not explicitly configured any requirements for authorization...e.g. I had the below in the web.config, but then took it out in attempts to get this to work.

<location path="hangfire">
<system.web>
  <authorization>
    <allow roles="Administrator" />
    <deny users="*" />  
  </authorization>
</system.web>

In theory, this is what I'd want, and when I log into my main web application, I will be logged in with an Administrator role so this rule should work.

But whether I have that configured in the web.config or not, whenever I try to navigate to http://MyApp/hangfire, it redirects me to my apps login page as configured in the web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="960" />
</authentication>

It does NOT do this on my local machine, just when I publish to my host. Does HangFire not recognize the authentication cookie that my main app provides when I login? I thought in general, the hangfire app doesn't require authentication, so what other configuration could be thinking that it does?

UPDATE 1:

I added the authorization filters per the hangfire docs, but the same thing happens. Here is my code in Startup.cs:

using Hangfire;
using Hangfire.Logging;
using Hangfire.Dashboard;
using Hangfire.SqlServer;
using Microsoft.Owin;
using OTIS.Web.AppCode;
using OTISScheduler.AppServ;
using Owin;
using System.Web.Security;

[assembly: OwinStartup(typeof(OTIS.Web.App_Start.Startup))]
namespace OTIS.Web.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app) {

            app.UseHangfire(config => {
                config.UseSqlServerStorage("DefaultConnection");
                config.UseServer();

                //Dashboard authorization
                config.UseAuthorizationFilters(new AuthorizationFilter
                {
                    Users = "USERA", // allow only specified users (comma delimited list)
                    Roles = "Account Administrator, Administrator" // allow only specified roles(comma delimited list)
                });


            });

            LogProvider.SetCurrentLogProvider(new StubLogProviderForHangfire());

            GlobalJobFilters.Filters.Add(new AutomaticRetryAttribute { Attempts = 0 });

            var scheduleTasksInitializer = new ScheduleTasksInitializer();

            scheduleTasksInitializer.ScheduleTasks();
        }
    }
}

UPDATE 2:

Per the more detailed instructions showing basic authentication, I also tried this...still no luck..redirects me to my app's login page.

config.UseAuthorizationFilters(
new BasicAuthAuthorizationFilter(
    new BasicAuthAuthorizationFilterOptions
    {
        // Require secure connection for dashboard
        RequireSsl = false,
        SslRedirect = false,

        // Case sensitive login checking
        LoginCaseSensitive = true,

        // Users
        Users = new[]
        {
            new BasicAuthAuthorizationUser
            {
                Login = "MyLogin",

                // Password as plain text
                PasswordClear = "MyPwd"
            }
        }
    }));          

解决方案

Finally got it working. I created my own AuthorizationFilter class (see below). Then I passed that to the MapHangfireDashboard method in the Startup.cs Configuration method (see below that)

public class HangFireAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        bool boolAuthorizeCurrentUserToAccessHangFireDashboard = false;

        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if(HttpContext.Current.User.IsInRole("Account Administrator"))
                boolAuthorizeCurrentUserToAccessHangFireDashboard = true;
        }

        return boolAuthorizeCurrentUserToAccessHangFireDashboard;
    }
}

To map hangfire to a custom url and specify the AuthorizationFilter to use:

public void Configuration(IAppBuilder app) {

    //Get from web.config to determine to fire up hangfire scheduler or not

    app.UseHangfire(config => {
        config.UseSqlServerStorage("DefaultConnection");
        config.UseServer();              
    });

    //map hangfire to a url and specify the authorization filter to use to allow access
    app.MapHangfireDashboard("/Admin/jobs", new[] { new HangFireAuthorizationFilter() });

}

这篇关于为什么迟发型需要身份验证，查看仪表盘的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！