
why IsAuthenticated and IsInRole always false in HangfireAuthorizationFilter? #269

Closed
urmatgit opened this issue Aug 10, 2021 · 3 comments

@urmatgit

Log in as an administrator.

Startup.cs
...
services.AddHangfire(x => x.UseSQLiteStorage(_configuration.GetConnectionString("DefaultConnectionSqlite")));
services.AddHangfireServer();
...
...
app.UseHangfireDashboard("/jobs", new DashboardOptions
{
    DashboardTitle = localizer["BlazorHero Jobs"],
    Authorization = new[] { new HangfireAuthorizationFilter() }
});
...
public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        //TODO implement authorization logic

        var httpContext = context.GetHttpContext();

        // Allow all authenticated users to see the Dashboard (potentially dangerous).
        var isAuthenticated = httpContext.User.Identity.IsAuthenticated;      // observed: always false
        var isInRole = httpContext.User.IsInRole(Permissions.Hangfire.View);  // observed: always false
        //return httpContext.User.Identity.IsAuthenticated;
        //return httpContext.User.IsInRole(Permissions.Hangfire.View);

        return true;
    }
}

...

@nbiada
Contributor

nbiada commented Aug 10, 2021

Hi @urmatgit,
this is not an issue.
When you click on the Hangfire menu item there isn't any "bearer token" attached to the link.
It is not possible to pass a header with a Blazor or href link.
So you need to implement a method to pass the actual access token and read the value in the HangfireAuthorizationFilter.

Attached you can find a solution.
I attach the actual token to the link in the NavMenu and read the token in the filter.
Then I read the claims and check for Permissions.Hangfire.View.
Because Hangfire internally calls this Authorization filter many times, we need to store the token in a cookie and read the value from the second call onward.

Hope this helps.

HangfireAuthorizationFilter.cs

public bool Authorize(DashboardContext context)
{
    //TODO implement authorization logic

    var httpContext = context.GetHttpContext();
    string jwtToken = "";

    // The first request comes from the NavMenu link and carries the token in the query string;
    // remember it in a cookie for the many follow-up requests the dashboard makes.
    var read = httpContext.Request.Query.TryGetValue("token", out var jwtTokenFromQuery);
    if (read)
    {
        jwtToken = jwtTokenFromQuery.ToString();
        CookieOptions options = new CookieOptions
        {
            Expires = DateTime.Now.AddMinutes(60)
        };
        httpContext.Response.Cookies.Append("token", jwtToken, options);
    }
    else
    {
        read = httpContext.Request.Cookies.TryGetValue("token", out jwtToken);
    }

    if (!read || string.IsNullOrEmpty(jwtToken)) return false;

    var handler = new JwtSecurityTokenHandler();
    // ReadJwtToken throws on malformed input instead of returning null, so guard first.
    if (!handler.CanReadToken(jwtToken)) return false;
    // Decodes the token only; the signature is not verified here.
    var token = handler.ReadJwtToken(jwtToken);
    var hangfireViewPermission =
        token.Claims.Any(w => w.Value.Equals(Permissions.Hangfire.View));

    return hangfireViewPermission;
}
NavMenu.razor

@if (_canViewHangfire)
{
    <MudNavLink Href="@_jobsLink" Target="_blank" Icon="@Icons.Material.Outlined.Work">
        @_localizer["Hangfire"]
    </MudNavLink>
}

...
private string _accessToken;
private string _jobsLink;

protected override async Task OnParametersSetAsync()
{
...
    // The token travels in the query string so the dashboard filter can read it on the first request.
    _accessToken = await _localStorage.GetItemAsync<string>(StorageConstants.Local.AuthToken);
    _jobsLink = $"/jobs?token={_accessToken}";
}
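Added example (editor's code, not from this issue, the linked PR or the BlazorHero project): the same "does this token carry Permissions.Hangfire.View?" decision made two ways, and a forged token that tells them apart. JwtSecurityTokenHandler.ReadJwtToken() only base64-decodes the token and never checks its signature, so a check built on it accepts any token a client writes for itself; ValidateToken() checks signature, issuer, audience and lifetime first. The signing key, issuer, audience and the claim type "Permission" are assumptions standing in for whatever the real API uses; the package is System.IdentityModel.Tokens.Jwt.

```csharp
// Added example (editor's code, not from the issue, the PR or BlazorHero).
// Assumed: package System.IdentityModel.Tokens.Jwt; key, issuer, audience and the
// claim type "Permission" are placeholders for whatever the real API uses.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class HangfireTokenPolicy
{
    public const string Issuer = "https://blazorhero.example";        // assumed
    public const string Audience = "blazorhero-api";                  // assumed
    public const string PermissionClaimType = "Permission";           // assumed claim type
    public const string HangfireView = "Permissions.Hangfire.View";   // the value checked in the thread

    // Must be the same key the API signs its JWTs with; demo value, >= 32 bytes for HS256.
    public static readonly SymmetricSecurityKey SigningKey =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("demo-only-hangfire-signing-key-32-bytes!!"));

    public static readonly TokenValidationParameters Validation = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = SigningKey,
        ValidateIssuer = true,
        ValidIssuer = Issuer,
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateLifetime = true,        // exp/nbf are enforced by the handler itself
        ClockSkew = TimeSpan.FromMinutes(1),
    };

    // The decision as written in the thread: decode, then look for the value in any claim.
    public static bool DecodeOnlyCheck(string jwt)
    {
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(jwt)) return false;
        JwtSecurityToken token = handler.ReadJwtToken(jwt);   // no signature check at all
        return token.Claims.Any(c => c.Value == HangfireView);
    }

    // The hardened decision: signature, issuer, audience and lifetime must all validate,
    // and the permission must sit in the expected claim type, not just anywhere.
    public static bool ValidatedCheck(string jwt)
    {
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(jwt)) return false;
        try
        {
            ClaimsPrincipal principal = handler.ValidateToken(jwt, Validation, out _);
            return principal.HasClaim(PermissionClaimType, HangfireView);
        }
        catch (SecurityTokenException)   // bad signature, wrong issuer/audience, expired, ...
        {
            return false;
        }
    }
}

public static class Program
{
    // What an attacker can produce without the key: a JWS with alg "none" and an empty signature.
    static string ForgeUnsignedToken()
    {
        string header = Base64UrlEncoder.Encode("{\"alg\":\"none\",\"typ\":\"JWT\"}");
        long exp = DateTimeOffset.UtcNow.AddHours(1).ToUnixTimeSeconds();
        string payload = Base64UrlEncoder.Encode(
            $"{{\"iss\":\"{HangfireTokenPolicy.Issuer}\",\"aud\":\"{HangfireTokenPolicy.Audience}\"," +
            $"\"exp\":{exp},\"{HangfireTokenPolicy.PermissionClaimType}\":\"{HangfireTokenPolicy.HangfireView}\"}}");
        return header + "." + payload + ".";   // trailing dot: empty signature segment
    }

    // What the real API would issue: the same claims, signed with the shared key.
    static string IssueSignedToken()
    {
        var creds = new SigningCredentials(HangfireTokenPolicy.SigningKey, SecurityAlgorithms.HmacSha256);
        var token = new JwtSecurityToken(
            HangfireTokenPolicy.Issuer, HangfireTokenPolicy.Audience,
            new[] { new Claim(HangfireTokenPolicy.PermissionClaimType, HangfireTokenPolicy.HangfireView) },
            DateTime.UtcNow, DateTime.UtcNow.AddHours(1), creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    public static void Main()
    {
        string forged = ForgeUnsignedToken();
        string signed = IssueSignedToken();
        Console.WriteLine($"forged token: decode-only={HangfireTokenPolicy.DecodeOnlyCheck(forged)} validated={HangfireTokenPolicy.ValidatedCheck(forged)}");
        Console.WriteLine($"signed token: decode-only={HangfireTokenPolicy.DecodeOnlyCheck(signed)} validated={HangfireTokenPolicy.ValidatedCheck(signed)}");
    }
}
```

The forged token passes DecodeOnlyCheck and fails ValidatedCheck; the signed token passes both. To use this in the filter above, replace the ReadJwtToken/Claims.Any lines with a call to HangfireTokenPolicy.ValidatedCheck(jwtToken), with the key, issuer and audience taken from the same configuration the API's JwtBearer setup uses. Two further points a reviewer would raise on the query-string approach: a token in the URL ends up in browser history and in server and proxy access logs, and the cookie written by the filter should at least carry HttpOnly, Secure and a SameSite setting so a script or a plain-HTTP request cannot read it back.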

@urmatgit
Author

ok, thanks!

@nbiada
Contributor

nbiada commented Aug 11, 2021

Refer to my PR #270 for a complete example with the expiration time taken from the JWT.
