Hangfire Dashboard授权配置不起作用
我已经下载了nu-get软件包Hangfire.Dashboard.Authorization
我正在尝试按照以下文档配置基于OWIN的授权,但我得到intellisense错误DashboardOptions.AuthorizationFilters is obsolete please use Authorization property instead
我也得到intellisense错误The type or namespace AuthorizationFilter and ClaimsBasedAuthorizationFilterd not be found
using Hangfire.Dashboard; using Hangfire.SqlServer; using Owin; using System; namespace MyApp { public class Hangfire { public static void ConfigureHangfire(IAppBuilder app) { GlobalConfiguration.Configuration .UseSqlServerStorage( "ApplicationDbContext", new SqlServerStorageOptions { QueuePollInterval = TimeSpan.FromSeconds(1) }); var options = new DashboardOptions { AuthorizationFilters = new[] { new AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" }, new ClaimsBasedAuthorizationFilter("name", "value") } }; app.UseHangfireDashboard("/hangfire", options); app.UseHangfireServer(); } } }
*更新*
由于上面的nuget包没有用,我试图创建自己的自定义filter:
public class HangfireAuthorizationFilter : IAuthorizationFilter { public bool Authorize(IDictionary owinEnvironment) { // In case you need an OWIN context, use the next line, // `OwinContext` class is the part of the `Microsoft.Owin` package. var context = new OwinContext(owinEnvironment); // Allow all authenticated users to see the Dashboard (potentially dangerous). return context.Authentication.User.Identity.IsAuthenticated; } }
如何仅限制管理员角色,即语法是什么?
在配置hangfire仪表板之前,您需要确保在Startup.cs类中调用Configure(app)方法。
public partial class Startup { private static readonly ILog log = LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod ().DeclaringType); public void Configuration(IAppBuilder app) { //Hangfire Config GlobalConfiguration.Configuration.UseSqlServerStorage ("HangFireJobs"); app.UseHangfireServer(); log.Debug("Application Started"); ConfigureAuth(app); //this call placement is important var options = new DashboardOptions { Authorization = new[] { new CustomAuthorizationFilter() } }; app.UseHangfireDashboard("/hangfire", options); } }
然后在你的auth配置类中,你可以做一些简单的事情:
public class CustomAuthorizationFilter : IDashboardAuthorizationFilter { public bool Authorize(DashboardContext context) { if (HttpContext.Current.User.IsInRole("Admin")) { return true; } return false; } }
以这种方式定义仪表板选项对我有用 –
var options = new DashboardOptions { AuthorizationFilters = new List { new Hangfire.Dashboard.AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" }, new Hangfire.Dashboard.ClaimsBasedAuthorizationFilter("name", "value") } };
我导入了以下命名空间 –
using System; using Owin; using Hangfire; using Hangfire.Dashboard; using System.Collections.Generic; using Hangfire.SqlServer;
是的,它向我显示了AuthorizationFilters的deprecated警告,并建议使用Authorization ,基本上将在版本2.0中删除IDashboardAuthorizationFilter接口,并且必须使用IDashboardAuthorizationFilter接口。
为此,您可以创建自己的自定义filter,实现IDashboardAuthorizationFilter并使用它。
public class MyAuthorizationFilter : IDashboardAuthorizationFilter { public bool Authorize(DashboardContext context) { //Implement } }