如何保护MVC Hangfire Dashboard

时间:2015-01-19 09:11:18

标签: c# visual-studio model-view-controller hangfire

我正在使用Visual Studio 2013 MVC,我安装了“Hangfire”来执行计划任务。 (http://hangfire.io/

如何使用密码保护Web监控UI页面(http://localhost/Hangfire)?

由于

3 个答案:

答案 0 :(得分:1)

请查看documentation

简而言之。 您可以使用已创建的授权过滤器或实现自己的

using Hangfire.Dashboard;

public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
         // In case you need an OWIN context, use the next line.
         var context = new OwinContext(owinEnvironment);
         return false;
    }
}

其他信息:

另外,您可以查看包含所需逻辑的special package Hangfire.Dashboard.Authorization

答案 1 :(得分:0)

让我给出RestrictiveAuthorizationFilter的完整代码: 这样您就可以按照自己的意愿处理授权。

假设您已添加OWINStartup类。

<强> OWINStartup.cs 

using Owin;
using Hangfire;
using Hangfire.Dashboard;

public class OWINStartup
{
    public void Configuration(IAppBuilder app)
    {        
        GlobalConfiguration.Configuration.UseSqlServerStorage("String");
        DashboardOptions options = new DashboardOptions()
        {
            AuthorizationFilters = new IAuthorizationFilter[]
            {
                new MyRestrictiveAuthorizationFilter()
            }
        };
        app.UseHangfireDashboard("/hangfire", options);
    }
}

<强> RestrictiveAuthorizationFilter.cs 

using Hangfire.Dashboard;
using System.Collections.Generic;
using Microsoft.Owin;

public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        var context = new OwinContext(owinEnvironment);

        return context.Authentication.User.Identity.IsAuthenticated;
    }
}

注意:使用System.Collections。 Generic ;

参考文献: https://github.com/HangfireIO/Hangfire/issues/202

https://media.readthedocs.org/pdf/hangfire/latest/hangfire.pdf(第20页)

Hangfire.Dashboard.Authorization版本: 2.1.0

答案 2 :(得分:0)

在您的Startup.Cs中设置

  public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        //TODO
        app.UseHangfireDashboard("/hangfire", new DashboardOptions
        {
            Authorization = new[] { new MyAuthorizationFilter() }
        });
        app.UseHangfireDashboard();
        var options = new BackgroundJobServerOptions { WorkerCount = 1 };
        app.UseHangfireServer(options);    }

创建此类,它允许经过身份验证的用户查看仪表板

public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        var httpContext = context.GetHttpContext();

        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        return httpContext.User.Identity.IsAuthenticated;
    }
}
相关问题
最新问题