Hangfire: How redirect to login page if hangfire authorization fails in .net core?

Created on 15 Feb 2018 · 7Comments · Source: HangfireIO/Hangfire

Can we redirect the user trying to browse hangfire url to some unauthorized page? I am using .net core 2.0. I have the following page in my file.

startup.cs

app.UseHangfireDashboard("/hangfire", new DashboardOptions { Authorization = new[] { new AuthorizationFilter() } });

AuthorizationFilter.cs

 public class AuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            return null;
        }
    }

Source

diandsonc

Most helpful comment

That might be, but in case of specific usecases and scenarios there just isn't always someone who has an answer.

To this issue i can direct you towards thinking in layers. Always think in layers.

Its not the responsibility of a layer that checks for authorization to also care about where one might get the necessary authorization. Thats why we have Middleware in Asp.Net Core, to break an application into layers and handle each specific responsibility in a distinct layer decoupled from the other layers.

What happens when you don't return true from the Authorize-method is that Hangfire will return a Unuthorized response back to asp.net, which happens to have a StatusCode of 401. So what you can do is to catch that in the layer that handles redirect to login page in case SOMETHING in the app said that the request wasn't authorized.

Remember that in a application, there can be a gazillion possible methods that can trigger a Not Authorized response - image if all of those gazillion pssoble methods all should take care of doing a redirect to a login page. What a waste. No, that is handled seperately, centrally and well hidden away as a layer that sits there inspecting the statuscode of all responses, and reacts if the code happens to be 401. In asp.net core you can do it like this

app.UseStatusCodePages(async context => {
   var response = context.HttpContext.Response;

   if (response.StatusCode == (int)HttpStatusCode.Unauthorized)   
   {
      response.Redirect("/account/login")
   }
});

burningice2866 on 16 May 2018

👍3 🎉1

All 7 comments

Any updates on this?

SkogDev on 6 Apr 2018

Same problem. Have you guys found any workarounds?

SimonOrdo on 11 May 2018

@SimonOrdo No, unfortunately this library support is abandoned!

diandsonc on 16 May 2018

@diandsonc that's some statement there... so let me guess, its based on your personal discontent?

One always have the option to contribute or upgrade to Pro to get dedicated support. Spreading FUD like that doesn't serve anyone's interests.

burningice2866 on 16 May 2018

👍3

@burningice2866 When I spoke about support, I talked about users trying to help. I see several issues without interaction.

diandsonc on 16 May 2018

That might be, but in case of specific usecases and scenarios there just isn't always someone who has an answer.

To this issue i can direct you towards thinking in layers. Always think in layers.

app.UseStatusCodePages(async context => {
   var response = context.HttpContext.Response;

   if (response.StatusCode == (int)HttpStatusCode.Unauthorized)   
   {
      response.Redirect("/account/login")
   }
});

burningice2866 on 16 May 2018

👍3 🎉1

@diandsonc
Just use code below:

            if(!isAuthorized){
                var httpContext = context.GetHttpContext();
                httpContext.Response.Redirect("/account/login");
            }
            return true; //always return true