如何保护 MVC Hangfire 仪表板

我正在使用Visual Studio 2013 MVC，我安装了"Hangfire"来执行计划任务。（http://hangfire.io/）

如何使用密码保护 Web 监控 UI 页面（http://localhost/Hangfire）？

谢谢

请查看文档

总之。您可以使用已创建的授权过滤器或实现自己的授权过滤器

using Hangfire.Dashboard;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
         // In case you need an OWIN context, use the next line.
         var context = new OwinContext(owinEnvironment);
         return false;
    }
}

附加信息：

您也可以查看特殊软件包Hangfire.Dashboard.Authorization，其中包含您需要的逻辑

。

让我给出 RestrictiveAuthorizationFilter 的完整代码：这样，您可以根据需要处理授权。

假设您添加了 OWINStartup 类。

奥文斯塔普.cs

using Owin;
using Hangfire;
using Hangfire.Dashboard;
public class OWINStartup
{
    public void Configuration(IAppBuilder app)
    {        
        GlobalConfiguration.Configuration.UseSqlServerStorage("String");
        DashboardOptions options = new DashboardOptions()
        {
            AuthorizationFilters = new IAuthorizationFilter[]
            {
                new MyRestrictiveAuthorizationFilter()
            }
        };
        app.UseHangfireDashboard("/hangfire", options);
    }
}

限制性授权过滤器.cs

using Hangfire.Dashboard;
using System.Collections.Generic;
using Microsoft.Owin;
public class MyRestrictiveAuthorizationFilter : IAuthorizationFilter
{
    public bool Authorize(IDictionary<string, object> owinEnvironment)
    {
        var context = new OwinContext(owinEnvironment);
        return context.Authentication.User.Identity.IsAuthenticated;
    }
}

注意：使用System.Collections。通用;

引用：https://github.com/HangfireIO/Hangfire/issues/202

https://media.readthedocs.org/pdf/hangfire/latest/hangfire.pdf（第20页）

Hangfire.Dashboard.授权版本：2.1.0

在你的 Startup.Cs 中设置它

  public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        //TODO
        app.UseHangfireDashboard("/hangfire", new DashboardOptions
        {
            Authorization = new[] { new MyAuthorizationFilter() }
        });
        app.UseHangfireDashboard();
        var options = new BackgroundJobServerOptions { WorkerCount = 1 };
        app.UseHangfireServer(options);    }

创建此类，它允许经过身份验证的用户查看仪表板

public class MyAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        var httpContext = context.GetHttpContext();
        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        return httpContext.User.Identity.IsAuthenticated;
    }
}

相关内容

最新更新

热门标签：