无法使用授权样板代码访问 Hangfire 仪表板

Question

我可以从本地环境访问 Hangfire 仪表板，但无法从部署的服务器访问它。 初步搜索显示我需要启用授权。 所以我有，根据非常简单的样板示例。

首先，我创建了这个类，其中Authorize方法应该强制批准：

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize([NotNull] DashboardContext context)
    {
        return true;

        //var httpContext = context.GetHttpContext();

        //// Allow all authenticated users to see the Dashboard (potentially dangerous).
        //return httpContext.User.Identity.IsAuthenticated;
    }
}

然后我添加了配置：

app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
    Authorization = new[] { new HangFireAuthorizationFilter() }
});

但是在我部署并尝试访问/hangfire页面后，我在日志中看到了这一点：

fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
  An exception was thrown while deserializing the token.
  Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
   ---> System.Security.Cryptography.CryptographicException: The key {450e662b-997d-4b41-b70b-3290373a73a7} was not found in the key ring.
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
     --- End of inner exception stack trace ---
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

可能还有其他我没有考虑的事情吗？

Answer 1

我让它工作了，但解决方案不寻常，与文档不匹配。

将DashboardOptions对象从UseHangfireDashboard()方法移动到MapHangfireDashboard()方法有效。

endpoints.MapHangfireDashboard("/hangfire", new DashboardOptions
{
    Authorization = new[] { new HangFireAuthorizationFilter() }
});