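Regarding this question: .NET Core WebApi secure Hangfire dashboard with Azure AD login
I have implemented Hangfire with Azure AD authentication for the Hangfire dashboard, just like jarodsmk's answer in the question above.
I have a front end that logs users in to Azure B2C, and I host Hangfire on the back-end API.
I'm not sure how to test this Hangfire dashboard authentication. Attaching the bearer token received from MSAL on the front end does not work; I just get 401 Unauthorized.
This is how I set up Hangfire, in the same order of execution: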

    public static void AddB2CAuthorisation(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(configuration.GetSection("AzureAdB2C"));
    }

    public static void AddHangfireAuthentication(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"));
        services.AddAuthorization(options =>
        {
            options.AddPolicy("HangfireAzureAdPolicy", builder =>
            {
                builder
                    .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                    .RequireAuthenticatedUser();
            });
        });
    }

    public static void AddHangfire(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddHangfire(config => config
            .SetDataCompatibilityLevel(CompatibilityLevel.Version_180)
            .UseSimpleAssemblyNameTypeSerializer()
            .UseRecommendedSerializerSettings()
            .UseSqlServerStorage(configuration.GetConnectionString("MyDBConnectionString")));
        services.AddHangfireServer();
    }

In the Program file:

    app.UseHangfireDashboard();
    app.UseEndpoints(endpoints =>
    {
        endpoints.AddHangfireRoute(); // rest of this is below
        endpoints.MapRazorPages();
        endpoints.MapControllers();
    });

    public static IEndpointRouteBuilder AddHangfireRoute(this IEndpointRouteBuilder endpoints)
    {
        endpoints.MapHangfireDashboard("/hangfire", new DashboardOptions
        {
            DashboardTitle = "Hangfire Dashboard Name",
            Authorization = new []
            {
                new HangfireDashboardAuthorizationFilter()
            }
        })
        .RequireAuthorization("HangfireAzureAdPolicy"); // Matches your policy name in Auth
        return endpoints;
    }

The additional authorization filter:

    public class HangfireDashboardAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            var httpContext = context.GetHttpContext();
            return httpContext.User.Identity.IsAuthenticated;
        }
    }

Finally, this is the structure of the app settings:

    "AzureAdB2C": {
        "Instance": "",
        "Domain": "",
        "ClientId": "",
        "SignUpSignInPolicyId": ""
    },
    "AzureAd": {
        "Instance": "",
        "Domain": "",
        "ClientId": "",
        "TenantId": ""
    },

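Deployed the API and tested on the server: domain/hangfire, tested with a bearer token generated by MSAL, attached as an Authorization Bearer header to the same route as above.
The problem was caused by calling app.UseHangfireDashboard(); before calling endpoints.AddHangfireRoute(); it invalidates the second method call and the configuration is not applied.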
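
The Program file with the fix described above applied, as an added example that is not the poster's own code. It assumes the AddB2CAuthorisation, AddHangfireAuthentication, AddHangfire and AddHangfireRoute extension methods shown on this page are in scope, and a minimal-hosting Program.cs.

```csharp
// Added example: request pipeline with the dashboard mapped only as an endpoint.
// Assumption: the extension methods from this page live in a namespace that is imported here.
using Hangfire;

var builder = WebApplication.CreateBuilder(args);

// Service registration, in the same order as on the page.
builder.Services.AddB2CAuthorisation(builder.Configuration);
builder.Services.AddHangfireAuthentication(builder.Configuration);
builder.Services.AddHangfire(builder.Configuration);
builder.Services.AddRazorPages();
builder.Services.AddControllers();

var app = builder.Build();

app.UseRouting();

// Authentication and authorization sit between UseRouting and UseEndpoints,
// otherwise RequireAuthorization("HangfireAzureAdPolicy") on the endpoint is never evaluated.
app.UseAuthentication();
app.UseAuthorization();

// Deliberately no app.UseHangfireDashboard() here.
// The parameterless call registers middleware for /hangfire with Hangfire's default
// DashboardOptions, whose built-in authorization filter only allows local requests.
// That middleware runs before endpoint routing reaches MapHangfireDashboard, so the
// DashboardOptions and the policy attached in AddHangfireRoute are never applied.
app.UseEndpoints(endpoints =>
{
    endpoints.AddHangfireRoute();   // MapHangfireDashboard(...).RequireAuthorization(...)
    endpoints.MapRazorPages();
    endpoints.MapControllers();
});

app.Run();
```

To check the result on a deployed instance, request /hangfire once without an Authorization header and once with the bearer token: the first should be rejected by the policy and the second should reach the dashboard.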