无法刷新 hangfire 仪表板中的统计信息

Unable to refresh the statistics in hangfire dashboard

我的网站运行在同一台服务器上挂火。

hangfire 仪表板在本地运行良好。但是,当我在服务器计算机上访问 http://localhost/hangfire/recurring 时,它报告此错误:

Unable to refresh the statistics: the server responded with 500 (Internal Server Error). Try reloading the page manually, or wait for automatic reload that will happen in a minute.

我在 Chrome DevTools 上发现了问题:http:///localhost/hangfire/stats returns 500(内部服务器错误)。

很快我找到了关于这个的日志:

2021-05-29 15:35:55.6185|7|ERROR|Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery|An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {a2487e3b-0ba1-4f7f-9679-8721bb79278e} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
2021-05-29 15:35:55.6185|1|ERROR|Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request. System.ArgumentNullException: The required antiforgery cookie token must be provided. (Parameter 'cookieToken')
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenGenerator.TryValidateTokenSet(HttpContext httpContext, AntiforgeryToken cookieToken, AntiforgeryToken requestToken, String& message)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.IsRequestValidAsync(HttpContext httpContext)
   at Hangfire.Dashboard.AspNetCoreDashboardMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)
   at Sample.Middleware.LanguageCheckerMiddleware.Invoke(HttpContext context) in D:\Sample\Middleware\LanguageCheckerMiddleware.cs:line 55
   at Sample.Middleware.AdminBlackListMiddleware.Invoke(HttpContext context) in D:\Sample\Middleware\AdminBlackListMiddleware.cs:line 69
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

我已经在每个 public async Task Invoke(HttpContext context) 中间件中添加了这些代码以防止它阻止 hangfire 但问题仍然存在:

if (context.Request.Host.Host.ToLower() == "localhost")
            {
                await _next.Invoke(context);
                return;
            }

我该如何解决这个问题?谢谢。

在startup.cs中添加:

app.UseHangfireDashboard("/hangfire", new DashboardOptions
            {
                Authorization = new[] {new HangfireAuthFilter()},
                IgnoreAntiforgeryToken = true                                 // <--This
            });

现在可以了。

如果您在 Startup.cs 中的 Configure 方法中调用 Hangfire,下面的代码将通过跳过 IgnoreAntiforgeryToken 检查来绕过错误。

不过需要注意的是,这会降低 Hangfire 的安全性。

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
        endpoints.MapHangfireDashboard("/hangfire", new DashboardOptions
        {
            Authorization = new[] { new HangfireAuthorizationFilter() },
            IgnoreAntiforgeryToken = true
        });
    });

对于 app.UseHangfireDashboard()

,您需要将 DashboardOptions 值传递给 endpoints.MapHangfireDashboard()