How to secure healtchecks in ASP.NET Core?
Question
I am including the following nuget package: AspNetCore.Diagnostics.HealthChecks with the HealthChecks.UI part to graphically display the status of the configured services.
Is there anything already implemented to add security to it, so that cannot be displayed without security?
1 answers
solution1
5 2020-02-11 10:22:07
Health checks use the authentication and authorization mechanisms used for endpoint routing. The Health Checks guide explains how to use authorization with RequiresAuthorization , eg :
app.UseEndpoints(endpoints =>
{
endpoints.MapHealthChecks("/health").RequireAuthorization();
});
The default policy requires authentication only. The Authorization for specific endpoints section shows how to create custom authorization policies, and specify them by name, or by passing the policy name.
The last example, is probably more interesting :
app.UseEndpoints(endpoints =>
{
endpoints
.MapHealthChecks("/healthz")
.RequireAuthorization(new AuthorizeAttribute(){ Roles = "admin", });
});
The AuthorizeAttribute attribute implements IAuthorizeData , the interface implemented by all authorization policies.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.