/// <summary>
/// Decides whether the caller's remote address appears in the configured
/// <c>DiagnosticsOptions.AllowedIPAddresses</c> allow-list.
/// </summary>
/// <param name="context">Dashboard context; its <c>Request.RemoteIpAddress</c> is the value looked up.</param>
/// <param name="aspNetCoreContext">Supplies the request's service provider, from which the options snapshot is resolved.</param>
/// <returns>
/// <c>true</c> only when an allow-list is configured and contains the remote address.
/// A missing options value or a null list yields <c>false</c>, so the check fails closed.
/// </returns>
/// <remarks>
/// NOTE(review): the lookup is an exact element match via <c>Array.IndexOf</c>, with no
/// normalisation. An address reported in a different textual form than the configured entry
/// (for example an IPv4-mapped IPv6 form) would presumably not match - confirm against the
/// deployment. Behind a reverse proxy the remote address may be the proxy's own unless
/// forwarded headers are processed earlier in the pipeline - verify.
/// </remarks>
private static bool CheckIpAddress(DashboardContext context, AspNetCoreDashboardContext aspNetCoreContext)
{
    // Resolve per request so the snapshot reflects the options current for this request scope.
    IOptionsSnapshot<DiagnosticsOptions> snapshot =
        aspNetCoreContext.HttpContext.RequestServices.GetRequiredService<IOptionsSnapshot<DiagnosticsOptions>>();

    string[] allowList = snapshot.Value?.AllowedIPAddresses;
    if (allowList == null)
    {
        // No allow-list configured: deny rather than allow everyone.
        return false;
    }

    return Array.IndexOf(allowList, context.Request.RemoteIpAddress) >= 0;
}
/// <summary>
/// Arranges for the response to become an HTTP 401 Basic-authentication challenge and
/// reports the request as not authorized.
/// </summary>
/// <param name="context">Dashboard context wrapping the current HTTP request and response.</param>
/// <returns>Always <c>false</c>.</returns>
/// <remarks>
/// The status code, the <c>WWW-Authenticate</c> header and the body text are applied in a
/// callback registered with <c>Response.OnStarting</c>, not at the time this method is called.
/// NOTE(review): the Basic scheme carries credentials in a trivially reversible encoding, so
/// this challenge should only be reachable over HTTPS - confirm the endpoint is TLS-only.
/// </remarks>
private bool Challenge(AspNetCoreDashboardContext context)
{
    context.HttpContext.Response.OnStarting(
        async _ =>
        {
            var response = context.HttpContext.Response;
            response.StatusCode = 401;
            response.Headers.Append("WWW-Authenticate", "Basic realm=\"Hangfire Dashboard\"");

            byte[] payload = Encoding.UTF8.GetBytes("Authentication is required.");
            await context.Response.Body.WriteAsync(payload, 0, payload.Length);
        },
        false);

    return false;
}
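/// <summary>
/// Middleware entry point: serves dashboard routes only to requests that authenticate
/// against the cookie scheme and pass every configured authorization filter.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>A task that completes when the request has been handled or passed on.</returns>
/// <remarks>
/// Requests whose path matches no dashboard route go to the next middleware untouched.
/// Authentication failure answers 401; a filter rejection answers 401 or 403 depending on
/// whether the authenticated principal reports <c>IsAuthenticated</c>.
/// </remarks>
public async Task Invoke(HttpContext httpContext)
{
    var findResult = _routeCollection.FindDispatcher(httpContext.Request.Path.Value);
    if (findResult == null)
    {
        // Not a dashboard route: hand the request to the rest of the pipeline.
        await _nextRequestDelegate.Invoke(httpContext);
        return;
    }

    // Authenticate from the data already in the request; AuthenticateAsync itself sends no challenge.
    var result = await httpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    if (!result.Succeeded)
    {
        // Previously this returned with the default status code, so an unauthenticated
        // request received an empty success response. Report the failure explicitly so
        // clients, proxies and monitoring see the denial.
        httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        return;
    }

    // Built only once the request is known to target the dashboard and has authenticated.
    var aspNetCoreDashboardContext = new AspNetCoreDashboardContext(_jobStorage, _dashboardOptions, httpContext);

    // NOTE(review): result.Principal is not assigned to httpContext.User in this method.
    // Filters that read HttpContext.User depend on earlier middleware having populated it
    // for the cookie scheme - confirm.
    if (_dashboardOptions.Authorization.Any(filter => !filter.Authorize(aspNetCoreDashboardContext)))
    {
        bool isAuthenticated = result.Principal?.Identity?.IsAuthenticated ?? false;

        // 403 for a known identity that lacks permission, 401 when there is no authenticated identity.
        httpContext.Response.StatusCode = isAuthenticated
            ? (int)HttpStatusCode.Forbidden
            : (int)HttpStatusCode.Unauthorized;
        return;
    }

    aspNetCoreDashboardContext.UriMatch = findResult.Item2;
    await findResult.Item1.Dispatch(aspNetCoreDashboardContext);
}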
/// <summary>
/// Middleware entry point: dispatches dashboard routes after authenticating with the
/// default scheme and running every configured authorization filter.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>A task that completes when the request has been handled or passed on.</returns>
/// <remarks>
/// Non-dashboard paths are forwarded to the next middleware. A request that fails
/// authentication is challenged. The first filter that rejects the request ends processing
/// with 403 when <c>HttpContext.User</c> reports an authenticated identity, otherwise 401.
/// </remarks>
public async Task Invoke(HttpContext httpContext)
{
    var match = _routes.FindDispatcher(httpContext.Request.Path.Value);
    if (match == null)
    {
        // Path is not a dashboard route; let the rest of the pipeline handle it.
        await _next.Invoke(httpContext);
        return;
    }

    // Authenticate from the request's own data using the default scheme; this call alone
    // does not issue a challenge.
    var authResult = await httpContext.AuthenticateAsync();
    if (!authResult.Succeeded)
    {
        // Unauthenticated: issue the default scheme's challenge and stop here.
        await httpContext.ChallengeAsync();
        return;
    }

    var dashboardContext = new AspNetCoreDashboardContext(_storage, _options, httpContext);

    foreach (var authorizationFilter in _options.Authorization)
    {
        if (filterAllows(authorizationFilter))
        {
            continue;
        }

        // Distinguish "known user without permission" from "no authenticated identity".
        bool signedIn = httpContext.User?.Identity?.IsAuthenticated ?? false;
        if (signedIn)
        {
            httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        }
        else
        {
            httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        }

        return;
    }

    dashboardContext.UriMatch = match.Item2;
    await match.Item1.Dispatch(dashboardContext);

    // Runs one filter against the dashboard context built for this request.
    bool filterAllows(IDashboardAuthorizationFilter candidate)
    {
        return candidate.Authorize(dashboardContext);
    }
}