Skip to content

Instantly share code, notes, and snippets.

@ndc
Created September 1, 2018 12:30
Show Gist options
  • Save ndc/a1cc8e2515e5e0d941a884fc6a6267f5 to your computer and use it in GitHub Desktop.
Save ndc/a1cc8e2515e5e0d941a884fc6a6267f5 to your computer and use it in GitHub Desktop.
Hangfire dashboard authorization filter using basic authentication and relying on browser support to allow user to input username and password.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Hangfire.Annotations;
using Hangfire.Dashboard;
using Microsoft.AspNetCore.Http;
namespace MyApp.ScheduledTask
{
public class HFDashboardAuthFilter : Hangfire.Dashboard.IDashboardAuthorizationFilter
{
public bool Authorize([NotNull] DashboardContext context)
{
var httpContext = context.GetHttpContext();
var header = httpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(header))
{
SetChallengeResponse(httpContext);
return false;
}
var authValues = System.Net.Http.Headers.AuthenticationHeaderValue.Parse(header);
if (!"Basic".Equals(authValues.Scheme, StringComparison.InvariantCultureIgnoreCase))
{
SetChallengeResponse(httpContext);
return false;
}
var parameter = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(authValues.Parameter));
var parts = parameter.Split(':');
if (parts.Length < 2)
{
SetChallengeResponse(httpContext);
return false;
}
var username = parts[0];
var password = parts[1];
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
{
SetChallengeResponse(httpContext);
return false;
}
if (username == "johndoe" && password == "123")
{
return true;
}
SetChallengeResponse(httpContext);
return false;
}
private void SetChallengeResponse(HttpContext httpContext)
{
httpContext.Response.StatusCode = 401;
httpContext.Response.Headers.Append("WWW-Authenticate", "Basic realm=\"Hangfire Dashboard\"");
httpContext.Response.WriteAsync("Authentication is required.");
}
}
}
@vukasinpetrovic
Copy link

Wow man, this is amazing. I was struggling to find a good solution for API type projects. I had an idea with query strings, but then hangfire does not allow them. This solution is perfect, I honestly did not know you can trigger built in browser login popup!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment