AspNetCore.Diagnostics.HealthChecks icon indicating copy to clipboard operation
AspNetCore.Diagnostics.HealthChecks copied to clipboard

Published 20 hours ago verified publisher icon Xabaril

Require authorization for both endpoint and UI

Open kristofferjalen opened this issue 2 years ago • 2 comments

In the sample, only the UI requires authorization, but not the endpoint. Is that by intention? Why protect the UI if the endpoint is unprotected? Isn't all information available anonymously from the endpoint then? What am I missing?

Requiring authorization for both the endpoint and for the UI will crash the UI:

app.MapHealthChecks("/health", new HealthCheckOptions
{
    Predicate = _ => true,
    ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse,
}).RequireAuthorization(Policies.HealthChecksUiPolicy);

app.MapHealthChecksUI()
    .RequireAuthorization(Policies.HealthChecksUiPolicy);

gives:

Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

This seems to have been reported in https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks/issues/327 but that issue was closed.

kristofferjalen avatar Apr 13 '22 12:04 kristofferjalen

Did you manage to solve the issue? We have the exact same problem.

aleksvujic avatar Aug 08 '22 12:08 aleksvujic

I have the exact same issue. Is there any update on this? @kristofferjalen

volkanytu avatar Aug 10 '22 09:08 volkanytu