Hangfire.Dashboard.Authorization 3.1.0

Hangfire.Dashboard.Authorization

Some authorization filters for Hangfire's Dashboard for .NET Framework-based ASP.NET Applications.

Installation

This library is available as a NuGet Package:

Install-Package Hangfire.Dashboard.Authorization

Usage

All the available classes implement both IAuthorizationFilter and IDashboardAuthorizationFilter interfaces, and compatible with Hangfire.Core 1.6 and later.

OWIN-based authentication

using Hangfire.Dashboard;

public void Configure(IAppBuilder app)
{
    var options = new DashboardOptions
    {
        Authorization = new [] 
        {
            new AuthorizationFilter { Users = "admin, superuser", Roles = "advanced" },
            new ClaimsBasedAuthorizationFilter("name", "value")
        }
    };
    app.UseHangfireDashboard("/hangfire", options);
}

Basic authentication

Note: If you are using basic authentication together with OWIN security, configure Hangfire BEFORE OWIN security configuration.

Please, keep in mind, if you have no SSL-based instance for your web application you have to disable SslRedirect and RequireSsl options (it's enabled by default for security reasons). Otherwise you will have dead redirect.

var filter = new BasicAuthAuthorizationFilter(
    new BasicAuthAuthorizationFilterOptions
    {
        // Require secure connection for dashboard
        RequireSsl = true,
        // Case sensitive login checking
        LoginCaseSensitive = true,
        // Users
        Users = new[]
        {
            new BasicAuthAuthorizationUser
            {
                Login = "Administrator-1",
                // Password as plain text, SHA1 will be used
                PasswordClear = "test"
            },
            new BasicAuthAuthorizationUser
            {
                Login = "Administrator-2",
                // Password as SHA1 hash
                Password = new byte[]{0xa9,
                    0x4a, 0x8f, 0xe5, 0xcc, 0xb1, 0x9b,
                    0xa6, 0x1c, 0x4c, 0x08, 0x73, 0xd3,
                    0x91, 0xe9, 0x87, 0x98, 0x2f, 0xbb,
                    0xd3}
            }
        }
});

It is also possible to use other than SHA1 crypto provider by specifying it when creating a user:

var user = new BasicAuthAuthorizationUser(HMAC.Create)
{
    Login = "Admin",
    PasswordClear = "Password" // HMAC will be used instead
}

How to generate password hash

Just run this code:

string password = "<your password here>";
using (var cryptoProvider = System.Security.Cryptography.SHA1.Create())
{
    byte[] passwordHash = cryptoProvider.ComputeHash(Encoding.UTF8.GetBytes(password));
    string result = "new byte[] { " + 
        String.Join(",", passwordHash.Select(x => "0x" + x.ToString("x2")).ToArray())
         + " } ";
}

The result variable will contain byte array definition with your password.

No packages depend on Hangfire.Dashboard.Authorization.

https://github.com/HangfireIO/Hangfire.Dashboard.Authorization/releases 3.1.0 • Project – Full source link support with embedded symbols and repository-based sources. • Project – Enable static analysis via the Microsoft.CodeAnalysis.NetAnalyzers package. • Project – Sign NuGet package and .NET assemblies with a code signing certificate. • Project – Require signature validation when restoring NuGet packages. • Project – Use deterministic and locked package restore for projects. • Project – Add more metadata for assemblies and NuGet package. 3.0.1 • Changed – Upgrade internal version of `Microsoft.Owin` package to 4.2.2. • Security – Avoid CVE-2020-1045 vulnerability by upgrading `Microsoft.Owin` package. 3.0.0 • Added – All classes now implement `IDashboardAuthorizationFilter` interface appeared in Hangfire 1.6.0 (by @antonioseric, @spoofi). • Added – It's possible to use custom crypto provider such as `HMAC` when creating a BasicAuth user (by @faizulhaque). • Changed – Minimal `Hangfire.Core` package version is bumped to 1.6.0. • Changed – Internalized `Microsoft.Owin` package version is now 3.1.0. • Fixed – Remove `AssemblyFileVersion` attribute to avoid problems with installers and GAC (by @fire-eagle). • Fixed – Different `README.md` updates and fixes (by @spoofi). 2.1.0 • Added – Basic authentication filter (by @sergun). • Added – Check `Authentication.User` is not null in claims authorization filter (by @pjcunningham).

.NET Framework 4.5

Version Downloads Last updated
3.1.0 3 4/21/2024
3.0.1 3 6/25/2023
3.0.0 1 2/27/2025
2.1.0 1 2/27/2025
2.0.0 1 2/27/2025
1.0.1 1 2/27/2025
1.0.0 1 2/27/2025
1.0.0-alpha1 1 2/27/2025