public bool Authorize(DashboardContext context) { return(true); //todo var isLocal = context.GetHttpContext().Request.IsLocal(); if (isLocal) { return(true); } var httpContext = context.GetHttpContext(); if (!httpContext.User.Identity.IsAuthenticated) { return(false); } if (!httpContext.User.HasClaim("Role", "Admin")) { return(false); } return(true); }
public bool Authorize([NotNull] DashboardContext context) { var http = context.GetHttpContext(); var jwt = http.Request.Cookies["JWT_TOKEN"]; if (jwt == "null") { return(false); } var handler = new JwtSecurityTokenHandler(); var token = handler.ReadToken(jwt) as JwtSecurityToken; if (token == null) { return(false); } var userID = Int32.Parse(token.Claims.First(c => c.Type == "unique_name").Value); var userService = context.GetHttpContext().RequestServices.GetRequiredService <IUserService>(); var user = userService.GetById(userID); if (user != null) { return(true); } return(false); }
public bool Authorize(DashboardContext context) { if (context.GetHttpContext().User.Identity.IsAuthenticated && context.GetHttpContext().User.IsInRole("admin")) { return(true); } return(false); }
public bool Authorize(DashboardContext context) { var httpcontext = context.GetHttpContext(); if (httpcontext.User.Identity.IsAuthenticated /*.IsInRole("Admin")*/) { return(true); } var httpContext = context.GetHttpContext(); httpContext.Response.Redirect("/Identity/Account/Login"); // httpContext.Response.Redirect("/hangfire"); return(true); //always return true }
public bool Authorize([NotNull] DashboardContext context) { if (!context.GetHttpContext().User.Identity.IsAuthenticated) { return(false); } var userSub = context.GetHttpContext().User.FindFirst("sub").Value; return(new JoinableTaskFactory(new JoinableTaskContext()).Run(async delegate { return await _membershipService.ReadUserInGroupsAsync(userSub, new[] { _authorizationSettings.HangfireAuthorizationGroup }); })); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // if unknown, assume not local if (String.IsNullOrEmpty(context.Request.RemoteIpAddress)) { return(false); } // check if localhost if (context.Request.RemoteIpAddress == "127.0.0.1" || context.Request.RemoteIpAddress == "::1") { return(true); } // compare with local address if (context.Request.RemoteIpAddress == context.Request.LocalIpAddress) { return(true); } return(httpContext.User.Identity.IsAuthenticated && httpContext.User.IsInRole(Constants.Roles.Admin)); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow all authenticated users to see the Dashboard (potentially dangerous). return(httpContext.User.IsInRole(GlobalConstants.AdminRoleName)); }
public bool Authorize(DashboardContext context) { var http = context.GetHttpContext(); var token = _configuration.GetValue <string>("Hangfire:DashboardToken"); var cookie = http.Request.Cookies.FirstOrDefault(w => w.Key == "hangfire:token"); if (!string.IsNullOrEmpty(cookie.Value)) { return(cookie.Value == token); } var key = http.Request.Query["token"].FirstOrDefault(); if (key == null) { return(false); } if (key != token) { return(false); } http.Response.Cookies.Append("hangfire:token", token); return(true); }
/// <summary> /// /// </summary> /// <param name="context"></param> /// <returns></returns> public bool Authorize([NotNull] DashboardContext context) { var httpcontext = context.GetHttpContext(); var auth = httpcontext.Request.Cookies?["Auth"]; return(auth == AuthCode); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow all authenticated users to see the Dashboard (potentially dangerous). return(httpContext.User.Identity.IsAuthenticated); //allow access to any user }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // FIXME: This should be limited to admins return(httpContext.User.Identity.IsAuthenticated); }
public bool Authorize([NotNull] DashboardContext dashboardContext) { var context = dashboardContext.GetHttpContext(); string header = context.Request.Headers["Authorization"]; if (String.IsNullOrWhiteSpace(header) == false) { AuthenticationHeaderValue authValues = AuthenticationHeaderValue.Parse(header); if ("Basic".Equals(authValues.Scheme, StringComparison.OrdinalIgnoreCase)) { string parameter = Encoding.UTF8.GetString(Convert.FromBase64String(authValues.Parameter)); var parts = parameter.Split(':'); if (parts.Length > 1) { string login = parts[0]; string password = parts[1]; if ((String.IsNullOrWhiteSpace(login) == false) && (String.IsNullOrWhiteSpace(password) == false)) { return(Username == login && Password == password); } } } } return(Challenge(context)); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow only admins return(httpContext.User.IsInRole("Administrator")); }
public bool Authorize([NotNull] DashboardContext context) { var httpContext = context.GetHttpContext(); var authService = httpContext.RequestServices.GetRequiredService <IAuthorizationService>(); return(authService.AuthorizeAsync(httpContext.User, this.policyName).ConfigureAwait(false).GetAwaiter().GetResult().Succeeded); }
public bool Authorize([NotNull] DashboardContext context) { var httpContext = context.GetHttpContext(); if (httpContext.Request.Query.TryGetValue("token", out var token) && token.Count == 1) { try { var json = new JwtBuilder() .DoNotVerifySignature() .Decode <IDictionary <string, object> >(token.ToString()); var permission = json["permissions"] as JArray; var iss = json["iss"] as string; return(iss == issuer && permission != null && permission.Contains("")); } catch (TokenExpiredException ex) { Log.Error(ex, "Hangfire dashboard access denied because given token is expired."); } catch (SignatureVerificationException ex) { Log.Error(ex, "Hangfire dashboard access denied because the given token is invalid (invalid signature)."); } } return(false); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); string authHeader = httpContext.Request.Headers["Authorization"]; if (authHeader != null && authHeader.StartsWith("Basic ")) { // Get the encoded username and password var encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim(); // Decode from Base64 to string var decodedUsernamePassword = Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)); // Split username and password var username = decodedUsernamePassword.Split(':', 2)[0]; var password = decodedUsernamePassword.Split(':', 2)[1]; // Check if login is correct if (username == configuration["Hangfire:DashboardUsername"] && password == configuration["Hangfire:DashboardPassword"]) { return(true); } } // Return authentication type (causes browser to show login dialog) httpContext.Response.Headers["WWW-Authenticate"] = "Basic"; // Return unauthorized httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized; return(false); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow all authenticated users to see the Dashboard (potentially dangerous). return(true); }
public bool Authorize([NotNull] DashboardContext context) { var httpContext = context.GetHttpContext(); var useRole = "HangfireOpenUser";// httpContext.User.FindFirst(ClaimTypes.Role)?.Value; return(useRole == AppRoles.RoleEnums.HangfireOpenUser.ToString()); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); Uri baseUrl = new Uri(configuration["WebAppUrl:Url"]); string url = new Uri(baseUrl, "/pages/refreshhangfire").ToString(); try { var access_token = String.Empty; var setCookie = false; //Try to get token from query string if (httpContext.Request.Query.ContainsKey("access_token")) { access_token = httpContext.Request.Query["access_token"].FirstOrDefault(); setCookie = true; } else if (httpContext.Request.Cookies.ContainsKey(HangFireCookieName)) { access_token = httpContext.Request.Cookies[HangFireCookieName]; } if (String.IsNullOrEmpty(access_token)) { httpContext.Response.Redirect(url, false); return(true); } SecurityToken validatedToken = null; JwtSecurityTokenHandler hand = new JwtSecurityTokenHandler(); var claims = hand.ValidateToken(access_token, this.tokenValidationParameters, out validatedToken); if (setCookie && claims?.Identity?.IsAuthenticated == true) { if (httpContext.Request.Cookies.ContainsKey(HangFireCookieName)) { httpContext.Response.Cookies.Delete(HangFireCookieName); } httpContext.Response.Cookies.Append(HangFireCookieName, access_token, new CookieOptions() { Expires = DateTime.Now.AddMinutes(CookieExpirationMinutes) }); } if (claims?.Identity?.IsAuthenticated == false) { httpContext.Response.Redirect(url, false); } return(true); } catch (Exception ex) { httpContext.Response.Redirect(url, false); return(true); } }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); var userIdentity = httpContext.User.Identity; if (userIdentity.IsAuthenticated) { var provider = httpContext.RequestServices.GetRequiredService <ISharedXafApplicationProvider>(); var blazorApplication = provider.Application; var security = provider.Security; if (security.IsSecurityStrategyComplex()) { if (!security.IsActionPermissionGranted(nameof(JobSchedulerService.JobDashboard)) && !security.IsAdminPermissionGranted()) { using var objectSpace = blazorApplication.CreateObjectSpace(security?.UserType); var user = (ISecurityUserWithRoles)objectSpace.FindObject(security?.UserType, CriteriaOperator.Parse($"{nameof(ISecurityUser.UserName)}=?", userIdentity.Name)); return(user.Roles.Cast <IPermissionPolicyRole>().Any(role => role.IsAdministrative)); } return(true); } return(true); } return(false); }
public bool Authorize([NotNull] DashboardContext context) { var httpcontext = context.GetHttpContext(); return(true); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow only the specified Characters to access return(httpContext.User.Identity.IsAuthenticated && httpContext.User.HasClaim("Admin", "true")); }
string GetRequestBody(DashboardContext context) { using (var reader = new StreamReader(context.GetHttpContext().Request.Body)) { return(reader.ReadToEnd()); } }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow all authenticated users to see the Dashboard (potentially dangerous). return(httpContext.User.Identity.IsAuthenticated); /*true;*/ // Never publish 'true' in production (use it for debug only) !!!!!!!! }
public Task <bool> AuthorizeAsync(DashboardContext context) { var httpContext = context.GetHttpContext(); var authService = httpContext.RequestServices.GetRequiredService <IAuthManager>(); return(authService.IsUserAdmin()); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); //return httpContext.User.Identity.IsAuthenticated; return(true); }
public bool Authorize(DashboardContext context) { var http = context.GetHttpContext(); if (http.Request.Headers.ContainsKey("Authorization")) { var authObj = _processAuthHeader(http.Request.Headers["Authorization"].ToString()); if (http.Request.QueryString.ToString().Contains("logout")) { _redis.KeyDelete(CacheKey.HangfireDashboardAuthPrefix + authObj["opaque"]); _redirect(http); return(true); } if (authObj["username"] == _config["Hangfire:User"]) { var a1 = _md5(string.Format("{0}:Need Login:{1}", authObj["username"], _config["Hangfire:Pass"])); var a2 = _md5(string.Format("{0}:{1}", http.Request.Method, authObj["uri"])); var nonce = _redis.StringGet(CacheKey.HangfireDashboardAuthPrefix + authObj["opaque"]); var validCode = _md5(string.Format("{0}:{1}:{2}:{3}:{4}:{5}", a1, nonce, authObj["nc"], authObj["cnonce"], authObj["qop"], a2)); if (authObj["response"] == validCode) { _redis.StringSet(CacheKey.HangfireDashboardAuthPrefix + authObj["opaque"], nonce, new TimeSpan(0, 5, 0)); return(true); } } } _challenge(http); return(false); }
public bool Authorize(DashboardContext context) { //#if DEBUG // // If we are in debug, always allow Hangfire access. // return true; //#else // var httpContext = context.GetHttpContext(); // var accessTokenHangfire = httpContext.Request.Cookies["accessTokenHangfire"]; // if (!string.IsNullOrEmpty(accessTokenHangfire)) // { // JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); // JwtSecurityToken securityToken = handler.ReadToken(accessTokenHangfire) as JwtSecurityToken; // bool result = securityToken.Claims.Where(claim => claim.Type == "roles").Select(x=>x.Value).Contains(_role); // return result; // } // return false; //#endif var httpContext = context.GetHttpContext(); var accessTokenHangfire = httpContext.Request.Cookies["accessTokenHangfire"]; if (!string.IsNullOrEmpty(accessTokenHangfire)) { JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken securityToken = handler.ReadToken(accessTokenHangfire) as JwtSecurityToken; bool result = securityToken.Claims.Where(claim => claim.Type == "roles").Select(x => x.Value).Contains(_role); return(result); } return(false); }
public bool Authorize(DashboardContext context) { var httpContext = context.GetHttpContext(); // Allow all authenticated users to see the Dashboard (potentially dangerous). return(httpContext.User.Identity.IsAuthenticated && httpContext.User.IsInRole("CEO")); }
public bool Authorize([NotNull] DashboardContext context) { var httpContext = context.GetHttpContext(); var result = httpContext.Request.Cookies.TryGetValue("hangfire-key", out string value); return(result == true && value == "123"); }