Open Closed

Control access to Hangfire dashboard with abp permission #1769

User avatar
0
Marten created

I am using Abp 4.4 Angular

I have added hangfire with the dashboard according to docs and added a specific permission in the abp permission system that I want to use to control access to the dashboard.

I have also implemented a custom IDashboardAuthorizationFilter according to Hangfire docs that get called when I try to open the dashboard and seem to be working fine (I get a 401 unauthorized).

My issue is that I am not sure how to authenticate and check the permission. I have tried logging in on host by opening https://localhost:44389/account/login and then seen that HttpContext.User.IsAuthenticated()=True in the HomeController, but when navigating to https://localhost:44389/hangfire after that context.GetHttpContext().User.Identity.IsAuthenticated=False in my IDashboardAuthorizationFilter.

Any thoughts on what I am doing wrong here is really appreciated.

Go to accepted answer
6 Answer(s)
  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Hi @Marten, with v5.0 Hangfire dashboard permission will be added to the framework. In meantime, you can examine the pull request to implement this feature.

    1 1
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://github.com/abpframework/abp/pull/9704

    1
  • User Avatar
    0
    Marten created

    Hi,

    I copied AbpHangfireAuthorizationFilter from the PR and added a dependency from my module where I have implemented hangfire to AbpAuthorizationAbstractionsModule but the IsLoggedIn-check in that authorization filter also returns false.

    The way I log in is navigating on host domain to /account/login which then redirects to /swagger and then I type /hangfire in the url field, is that the correct way to authenticate that should be working?

  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Can you check, you've defined the middleware after the authentication and authorization middlewares?

    Important: UseHangfireDashboard should be called after the authentication middleware in your Startup class (probably at the last line). Otherwise, authorization will always fail! => https://github.com/abpframework/abp/pull/9704/files#diff-6d147525b770cf239abbea8f3f835e87ddc637c8b8ec045b8ec85361be3662fd

  • User Avatar
    0
    Marten created

    That was it, thank you!

    I have hangfire implemented in a separate module and was calling UseHangfireDashboard in OnApplicationInitialization which when I debugged to test got called after OnApplicationInitialization of the ApiHost-module.

    I moved UseHangfireDashboardto OnPostApplicationInitialization and everything works fine.

    Thanks again for fast replies and help!

    2
  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    You're welcome @Marten, thanks for your clear explanation.

    1
Assignee
No one
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on July 03, 2025, 08:38