Open Closed

Control access to Hangfire dashboard with abp permission #1769


User avatar
0
Marten created

I am using Abp 4.4 Angular

I have added hangfire with the dashboard according to docs and added a specific permission in the abp permission system that I want to use to control access to the dashboard.

I have also implemented a custom IDashboardAuthorizationFilter according to Hangfire docs that get called when I try to open the dashboard and seem to be working fine (I get a 401 unauthorized).

My issue is that I am not sure how to authenticate and check the permission. I have tried logging in on host by opening https://localhost:44389/account/login and then seen that HttpContext.User.IsAuthenticated()=True in the HomeController, but when navigating to https://localhost:44389/hangfire after that context.GetHttpContext().User.Identity.IsAuthenticated=False in my IDashboardAuthorizationFilter.

Any thoughts on what I am doing wrong here is really appreciated.


6 Answer(s)
  • User Avatar
    0
    EngincanV created
    Support Team

    Hi @Marten, with v5.0 Hangfire dashboard permission will be added to the framework. In meantime, you can examine the pull request to implement this feature.

  • User Avatar
    0
    maliming created
    Support Team

    hi

    https://github.com/abpframework/abp/pull/9704

  • User Avatar
    0
    Marten created

    Hi,

    I copied AbpHangfireAuthorizationFilter from the PR and added a dependency from my module where I have implemented hangfire to AbpAuthorizationAbstractionsModule but the IsLoggedIn-check in that authorization filter also returns false.

    The way I log in is navigating on host domain to /account/login which then redirects to /swagger and then I type /hangfire in the url field, is that the correct way to authenticate that should be working?

  • User Avatar
    0
    EngincanV created
    Support Team

    Can you check, you've defined the middleware after the authentication and authorization middlewares?

    Important: UseHangfireDashboard should be called after the authentication middleware in your Startup class (probably at the last line). Otherwise, authorization will always fail! => https://github.com/abpframework/abp/pull/9704/files#diff-6d147525b770cf239abbea8f3f835e87ddc637c8b8ec045b8ec85361be3662fd

  • User Avatar
    0
    Marten created

    That was it, thank you!

    I have hangfire implemented in a separate module and was calling UseHangfireDashboard in OnApplicationInitialization which when I debugged to test got called after OnApplicationInitialization of the ApiHost-module.

    I moved UseHangfireDashboardto OnPostApplicationInitialization and everything works fine.

    Thanks again for fast replies and help!

  • User Avatar
    0
    EngincanV created
    Support Team

    You're welcome @Marten, thanks for your clear explanation.

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13