HangfireIO
DashboardContext delivers a incorrect User.Identity status
Hello,
in our ASP .NET Application we use a new simplified way for authentication in our StartupExtensions.cs:
` services .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(objConfiguration.GetSection("Authentication:AzureAd"));
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(objConfiguration.GetSection("Authentication:AzureAdJWTApi"));`
Right after these changes the Access to the Hangfire site are not working anymore. We configure Hangfire like this:
if (optionsApplicationSettings.EnableHangfire) objApp.UseHangfireDashboard("/hangfire", new DashboardOptions() { Authorization = new[] { new HangFireDashBoardAuthFilter() }, StatsPollingInterval = 30000 });
In the past everything works well with Hangfire. I already installed the newest version via Nuget.
public class HangFireDashBoardAuthFilter : IDashboardAuthorizationFilter { public bool Authorize([NotNull] DashboardContext context) { HttpContext httpcontext = context.GetHttpContext(); return httpcontext.User.Identity.IsAuthenticated; } }
Now in the HangFireDashBoardAuthFilter class the state of the User object is not correct anymore. It always returns false for "IsAuthenticated". Which is not correct. Something is wrong with the HttpContext.
What I am doing wrong? Any ideas?
Thanks and greetings.
If it works everywhere else except the dashboard, I’d start with checking the order in which your middlewares are added to the pipeline. If Hangfire dashboard is added before the auth middleware, the former will never see authentication state.
Facing the same issue. User.Identity.IsAuthenticated is always false.
This is my program.cs
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();
builder.Services.RegisterInfrastructure();
builder.Services.RegisterApplication();
builder.Services.RegistorHttpClientFactory(builder.Configuration);
builder.Services.AddControllers();
builder.Services.AddHangfire(x => x.UsePostgreSqlStorage(builder.Configuration.GetConnectionString("Hangfire")));
builder.Services.AddHangfireServer();
builder.Services.AddMemoryCache();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseWebAssemblyDebugging();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseHangfireDashboard("/hangfire", new DashboardOptions{Authorization = new []{new HangfireAuthorizationFilter()},
IgnoreAntiforgeryToken = true});
app.MapRazorPages();
app.MapControllers();
app.MapFallbackToFile("index.html");
app.Services
.CreateScope()
.ServiceProvider
.GetRequiredService<PSContext>()
.Database
.EnsureCreated();
RecurringJob.AddOrUpdate<ReminderService>("finalize", service => service.SendRemainder(), Cron.Daily,
new RecurringJobOptions
{
TimeZone = TimeZoneInfo.Local
});
app.Run();
Here is my custom filter.
public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize([NotNull] DashboardContext context)
{
return context.GetHttpContext().User.Identity!.IsAuthenticated;
}
}
Any ideas on why this is working?
Thanks
顺序问题,请按照如下顺序添加即可:
app.UseAuthentication();
app.UseAuthorization();
app.UseHangfireDashboard();
