zoukankan      html  css  js  c++  java

  • 关于 hangfire 的权限问题

    hangfire 是一个分布式后台执行服务。

    官网:http://hangfire.io/

    我看中hangfire的地方是

    1:使用简单

    2:多种持久化保存方案。支持sqlserver ,msmq等 ,其他的redis 等持久化方案要收费。不过自己扩展不是难事。hangfire基于net3.5的extension扩展。

    3:有监控系统,并且可以和其他监控系统集成。 

    回顾正题:

    hangfire在部署到iis环境上,通过地址访问的时候会出现401未授权错误。通过代码分析是由于hangfire内建授权机制造成的问题。

    在分析源码前,建议先对owin做个了解:

    http://www.cnblogs.com/dudu/p/what-is-owin.html

    http://owin.org/

    hangfire继承了OwinMiddleware,在每次请求的时候会去执行IAuthorizationFilter的实现。

       internal class DashboardMiddleware : OwinMiddleware
    {
        private readonly JobStorage _storage;
        private readonly RouteCollection _routes;
        private readonly IEnumerable<IAuthorizationFilter> _authorizationFilters;

     
        public override Task Invoke(IOwinContext context)
        {
            var dispatcher = _routes.FindDispatcher(context.Request.Path.Value);
            
            if (dispatcher == null)
            {
                return Next.Invoke(context);
            }
             
            foreach (var filter in _authorizationFilters)
            {
                if (!filter.Authorize(context.Environment))
                {
                    context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;
                    return Task.FromResult(false);
                }
            }

            var dispatcherContext = new RequestDispatcherContext(
                _storage,
                context.Environment,
                dispatcher.Item2);

            return dispatcher.Item1.Dispatch(dispatcherContext);
        }
    }

    hangfire默认加载了 LocalRequestsOnlyAuthorizationFilter 

        public class LocalRequestsOnlyAuthorizationFilter : IAuthorizationFilter
    {
        public bool Authorize(IDictionary<string, object> owinEnvironment)
        {
            var context = new OwinContext(owinEnvironment);
            var remoteAddress = context.Request.RemoteIpAddress;

            // if unknown, assume not local
            if (String.IsNullOrEmpty(remoteAddress))
                return false;

            // check if localhost
            if (remoteAddress == "127.0.0.1" || remoteAddress == "::1")
                return true;

            // compare with local address
            if (remoteAddress == context.Request.LocalIpAddress)
                return true;

            return false;
        }
    }

    可以看出来对remoteaddress做了限制。

    如果不考虑安全的场合,可以采用以下做法:

        public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseHangfire(config =>
            {
                config.UseAuthorizationFilters(new DontUseThisAuthorizationFilter());

                config
                    .UseSqlServerStorage(@"server=xxxxx;database=Hangfire;uid=sa;pwd=123.com")
                    .UseMsmqQueues(@".Private$hangfire{0}", "default", "critical");
            });

             app.MapHangfireDashboard();
        }
    }
        public class DontUseThisAuthorizationFilter : IAuthorizationFilter
    {
        public bool Authorize(IDictionary<string, object> owinEnvironment)
        {
            return true;
        }
    }
     

    如果需要结合现有系统权限机制的场合,也是实现IAuthorizationFilter:

     GlobalContext.Current.UserInfo是我们系统内部的一个上下文class。
        public class CustomAuthorizationFilter : IAuthorizationFilter
    {
        public bool Authorize(IDictionary<string, object> owinEnvironment)
        {
            var context = new OwinContext(owinEnvironment);
            if ( GlobalContext.Current.UserInfo==null){
                string urls = "/Index/Login?url=" + context.Request.Uri.Host;
                context.Response.Redirect(urls);
                return false;  
            }
            return true; 
        }
    }
  • 相关阅读:
    题解报告:hdu1995汉诺塔V(递推dp)
    黑色CSS3立体动画菜单
    jQuery计算器插件
    CSS3动画库animate.css
    缩略图悬浮效果的jQuery焦点图
    CSS伪元素实现的3D按钮
    CSS3 3D旋转按钮对话框
    jQuery仿Android锁屏图案应用
    jQuery横向图片手风琴
    jQuery滑动杆打分插件
  • 原文地址:https://www.cnblogs.com/yuanhuaming/p/4378290.html
Copyright © 2011-2022 走看看