时间戳

首页 > 解决方案 > 来自 DataContext 的 Hangfire 身份验证

c# - 来自 DataContext 的 Hangfire 身份验证

问题描述

我正在尝试设置 Hangfire,以便只有管理员用户可以访问仪表板。我的User模型有一个属性UserRole,我可以将其与父枚举进行比较。

但是,我对如何从 Startup.cs 中将 DataContext 传递到 Authorization 过滤器感到困惑。

有没有我应该尝试访问用户对象的不同方式?

(我正在使用实体框架)


启动.cs

public void Configure(IApplication app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    ...
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        app.UseHangfireDashboard("/hangfire", new DashboardOptions()
        {
            //ERROR here because I'm not passing in DataContext,
            //but I'm not sure how to do that...
            Authorization = new [] { new HangfireAuthorizationFilter() }
        });

        app.UseHangfireServer();
    ...
}

public class HangfireAuthorizationFilter : Controller, IDashboardAuthorizationFilter
{
    private readonly DataContext _context;

    public HangfireAuthorizationFilter(DataContext context)
    {
        _context = context;
    }

    public bool Authorize([NotNull] DashboardContext context)
    {
        var currentUserId = int.Parse(User.FindFirst(ClaimTypes.NameIdentifier).Value);

        try {
            var userFromRepo = _context.Users.First(u => u.Id == currentUserId);
            return userFromRepo.UserRole == UserRole.Admin;
        catch {
            return false;
        }
    }
}

标签: c#asp.net-corehangfire

解决方案

这就是我的设置:

public class HangfireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize(DashboardContext context)
    {
        if (context.GetHttpContext().User.Identity.IsAuthenticated 
              && context.GetHttpContext().User.IsInRole("admin"))
        {
            return true;
        }
        return false;
    }
}

当然,您可以用您的 UserRole.Admin.ToString() 替换字符串“admin”

推荐阅读