我在我的MVC网络应用程序中运行HangFire,但每当我尝试导航到
http://MyApp/hangfire时,它会将我重定向到我的应用程序的登录页面,就好像我没有登录一样.
我没有明确配置任何授权要求……例如.我在web.config中有以下内容,但后来试图让它工作.
<location path="hangfire">
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
从理论上讲,这就是我想要的,当我登录我的主Web应用程序时,我将以管理员角色登录,因此该规则应该有效.
但是,无论我是否在web.config中配置了它,每当我尝试导航到http://MyApp/hangfire时,它都会重定向到我在web.config中配置的应用程序登录页面:
<authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="960" /> </authentication>
当我发布到我的主机时,它不会在我的本地计算机上执行此操作. HangFire在我登录时无法识别我的主应用程序提供的身份验证cookie吗?我一般认为,hangfire应用程序不需要身份验证,那么其他配置可能会认为它有什么作用?
更新1:
我按照hangfire docs添加了授权过滤器,但同样的事情发生了.这是我在Startup.cs中的代码:
using Hangfire; using Hangfire.Logging; using Hangfire.Dashboard; using Hangfire.sqlServer; using Microsoft.Owin; using OTIS.Web.AppCode; using OTISScheduler.AppServ; using Owin; using System.Web.Security; [assembly: OwinStartup(typeof(OTIS.Web.App_Start.Startup))] namespace OTIS.Web.App_Start { public class Startup { public void Configuration(IAppBuilder app) { app.UseHangfire(config => { config.UsesqlServerStorage("DefaultConnection"); config.UseServer(); //Dashboard authorization config.UseAuthorizationFilters(new AuthorizationFilter { Users = "USERA",// allow only specified users (comma delimited list) Roles = "Account Administrator,Administrator" // allow only specified roles(comma delimited list) }); }); LogProvider.SetCurrentLogProvider(new StubLogProviderForHangfire()); GlobalJobFilters.Filters.Add(new AutomaticRetryAttribute { Attempts = 0 }); var scheduleTasksInitializer = new ScheduleTasksInitializer(); scheduleTasksInitializer.ScheduleTasks(); } } }
更新2:
根据更多detailed instructions showing basic authentication,我也尝试了这个…仍然没有运气..将我转到我的应用程序的登录页面.
config.UseAuthorizationFilters(
new BasicAuthAuthorizationFilter(
new BasicAuthAuthorizationFilterOptions
{
// Require secure connection for dashboard
RequireSsl = false,SslRedirect = false,// Case sensitive login checking
LoginCaseSensitive = true,// Users
Users = new[]
{
new BasicAuthAuthorizationUser
{
Login = "MyLogin",// Password as plain text
PasswordClear = "MyPwd"
}
}
}));
解决方法
对于较新的版本,您应该使用IDashboardAuthorizationFilter.使用using语句,它将如下所示:
using System.Web;
using Hangfire.Annotations;
using Hangfire.Dashboard;
namespace Scheduler.Hangfire
{
public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
public bool Authorize([NotNull] DashboardContext context)
{
//can add some more logic here...
return HttpContext.Current.User.Identity.IsAuthenticated;
}
}
}
然后在配置部分:
app.UseHangfireDashboard("/jobs",new DashboardOptions()
{
Authorization = new [] {new HangFireAuthorizationFilter()}
});
