如何保护 MVC Hangfire 仪表板
How can I protect MVC Hangfire Dashboard
我正在使用 Visual Studio 2013 MVC,并且我安装了 "Hangfire" 来执行计划任务。 (http://hangfire.io/)
如何使用密码保护 Web 监控 UI 页面 (http://localhost/Hangfire)?
谢谢
简而言之。
您可以使用已经创建的授权过滤器或实施您自己的
using Hangfire.Dashboard;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
public bool Authorize(IDictionary<string, object> owinEnvironment)
{
// In case you need an OWIN context, use the next line.
var context = new OwinContext(owinEnvironment);
return false;
}
}
附加信息:
您还可以查看 special package Hangfire.Dashboard.Authorization,其中包含您需要的逻辑
让我给出 RestrictiveAuthorizationFilter 的完整代码:
这样您就可以随心所欲地处理授权。
假设您添加了 OWINStartup class。
OWINStartup.cs
using Owin;
using Hangfire;
using Hangfire.Dashboard;
public class OWINStartup
{
public void Configuration(IAppBuilder app)
{
GlobalConfiguration.Configuration.UseSqlServerStorage("String");
DashboardOptions options = new DashboardOptions()
{
AuthorizationFilters = new IAuthorizationFilter[]
{
new MyRestrictiveAuthorizationFilter()
}
};
app.UseHangfireDashboard("/hangfire", options);
}
}
RestrictiveAuthorizationFilter.cs
using Hangfire.Dashboard;
using System.Collections.Generic;
using Microsoft.Owin;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
public bool Authorize(IDictionary<string, object> owinEnvironment)
{
var context = new OwinContext(owinEnvironment);
return context.Authentication.User.Identity.IsAuthenticated;
}
}
注意: 使用 System.Collections.Generic;
参考资料:
https://github.com/HangfireIO/Hangfire/issues/202
https://media.readthedocs.org/pdf/hangfire/latest/hangfire.pdf(第 20 页)
Hangfire.Dashboard.Authorization版本:2.1.0
在您的 Startup.Cs
中进行设置
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//TODO
app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
Authorization = new[] { new MyAuthorizationFilter() }
});
app.UseHangfireDashboard();
var options = new BackgroundJobServerOptions { WorkerCount = 1 };
app.UseHangfireServer(options); }
创建此 class,它允许经过身份验证的用户查看仪表板
public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize(DashboardContext context)
{
var httpContext = context.GetHttpContext();
// Allow all authenticated users to see the Dashboard (potentially dangerous).
return httpContext.User.Identity.IsAuthenticated;
}
}
我正在使用 Visual Studio 2013 MVC,并且我安装了 "Hangfire" 来执行计划任务。 (http://hangfire.io/)
如何使用密码保护 Web 监控 UI 页面 (http://localhost/Hangfire)?
谢谢
简而言之。 您可以使用已经创建的授权过滤器或实施您自己的
using Hangfire.Dashboard;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
public bool Authorize(IDictionary<string, object> owinEnvironment)
{
// In case you need an OWIN context, use the next line.
var context = new OwinContext(owinEnvironment);
return false;
}
}
附加信息:
您还可以查看 special package Hangfire.Dashboard.Authorization,其中包含您需要的逻辑
让我给出 RestrictiveAuthorizationFilter 的完整代码: 这样您就可以随心所欲地处理授权。
假设您添加了 OWINStartup class。
OWINStartup.cs
using Owin;
using Hangfire;
using Hangfire.Dashboard;
public class OWINStartup
{
public void Configuration(IAppBuilder app)
{
GlobalConfiguration.Configuration.UseSqlServerStorage("String");
DashboardOptions options = new DashboardOptions()
{
AuthorizationFilters = new IAuthorizationFilter[]
{
new MyRestrictiveAuthorizationFilter()
}
};
app.UseHangfireDashboard("/hangfire", options);
}
}
RestrictiveAuthorizationFilter.cs
using Hangfire.Dashboard;
using System.Collections.Generic;
using Microsoft.Owin;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
public bool Authorize(IDictionary<string, object> owinEnvironment)
{
var context = new OwinContext(owinEnvironment);
return context.Authentication.User.Identity.IsAuthenticated;
}
}
注意: 使用 System.Collections.Generic;
参考资料: https://github.com/HangfireIO/Hangfire/issues/202
https://media.readthedocs.org/pdf/hangfire/latest/hangfire.pdf(第 20 页)
Hangfire.Dashboard.Authorization版本:2.1.0
在您的 Startup.Cs
中进行设置 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//TODO
app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
Authorization = new[] { new MyAuthorizationFilter() }
});
app.UseHangfireDashboard();
var options = new BackgroundJobServerOptions { WorkerCount = 1 };
app.UseHangfireServer(options); }
创建此 class,它允许经过身份验证的用户查看仪表板
public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize(DashboardContext context)
{
var httpContext = context.GetHttpContext();
// Allow all authenticated users to see the Dashboard (potentially dangerous).
return httpContext.User.Identity.IsAuthenticated;
}
}