The Hangfire Dashboard exposes sensitive information about your background jobs, including method names and serialized arguments, and it also lets you manage those jobs by performing actions such as retry, delete and trigger.
So it is really important to restrict access to the Dashboard. To make it secure by default, only local requests are allowed.
However, you can change this by passing your own implementations of the IDashboardAuthorizationFilter interface, whose Authorize method is used to allow or prohibit a request.
We can follow the instructions given in configuring-authorization.
Hangfire also provides the Hangfire.Dashboard.Authorization package for basic access authentication (simple login-password auth) as well as user-, role- and claims-based authorization. See Hangfire.Dashboard.Authorization.
Install a NuGet Package:
We don’t want to reinvent the wheel, so just install this package and proceed as follows:
Basic Authorization (simple login-password auth):
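Add or modify the following in the Configuration section of Startup.cs:
    var options = new DashboardOptions {
        Authorization = new IDashboardAuthorizationFilter[] {
            new BasicAuthAuthorizationFilter(new BasicAuthAuthorizationFilterOptions {
                // Case sensitive login checking
                LoginCaseSensitive = true,
                Users = new[] {
                    new BasicAuthAuthorizationUser {
                        Login = "Administrator-1",
                        // Password as plain text, SHA1 will be used
                        PasswordClear = "testdashboard"
                    }
                }
            })
        }
    };
    app.UseHangfireDashboard("/hangfire", options);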
Note: Place a call to the UseHangfireDashboard method after other authentication methods in your OWIN Startup class. Otherwise authentication may not work for you.
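An added example (not from the original post or the Hangfire project): a custom IDashboardAuthorizationFilter that denies by default and admits only authenticated users in one role, registered after the cookie authentication middleware as the note above requires. The class name, the role name "HangfireAdmin", the cookie scheme and the login path are assumptions, and job storage is assumed to be configured elsewhere.

```csharp
using Hangfire;
using Hangfire.Dashboard;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical filter: deny by default, allow only authenticated users in one role.
public class AdminOnlyDashboardFilter : IDashboardAuthorizationFilter
{
    private readonly string _role;

    public AdminOnlyDashboardFilter(string role) { _role = role; }

    public bool Authorize(DashboardContext context)
    {
        // Hangfire's OWIN integration exposes the request environment.
        var owin = new OwinContext(context.GetOwinEnvironment());
        var user = owin.Authentication.User;

        // No identity means the caller is anonymous or the authentication
        // middleware did not run before the dashboard: refuse the request.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        return user.IsInRole(_role);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Authentication middleware is registered first so the user principal
        // is populated before the dashboard filter runs.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "ApplicationCookie",    // assumed scheme name
            LoginPath = new PathString("/Account/Login") // assumed login route
        });

        app.UseHangfireDashboard("/hangfire", new DashboardOptions
        {
            Authorization = new IDashboardAuthorizationFilter[]
            {
                new AdminOnlyDashboardFilter("HangfireAdmin") // assumed role name
            }
        });
    }
}
```

Setting Authorization explicitly replaces the default local-requests-only filter, so every filter in the array must return true for a request to reach the dashboard.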