'Can't access Hangfire Dashboard using Authorization boilerplate code

I can access the Hangfire dashboard from my local environment, but can't access it from a deployed server. Initial searches showed that I needed to enable authorization. So I have, according to very simple boilerplate examples.

First, I created this class where the Authorize method should force an approval:

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
{
    public bool Authorize([NotNull] DashboardContext context)
    {
        return true;

        //var httpContext = context.GetHttpContext();

        //// Allow all authenticated users to see the Dashboard (potentially dangerous).
        //return httpContext.User.Identity.IsAuthenticated;
    }
}

Then I added the configuration:

app.UseHangfireDashboard("/hangfire", new DashboardOptions
{
    Authorization = new[] { new HangFireAuthorizationFilter() }
});

But after I deploy and try to access the /hangfire page I see this in the logs:

fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
  An exception was thrown while deserializing the token.
  Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
   ---> System.Security.Cryptography.CryptographicException: The key {450e662b-997d-4b41-b70b-3290373a73a7} was not found in the key ring.
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
     at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
     --- End of inner exception stack trace ---
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
     at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

Could there be something else that I am not considering?



Solution 1:[1]

I got it to work, but the solution was unusual and did not match the documentation.

Moving the DashboardOptions object from the UseHangfireDashboard() method to the MapHangfireDashboard() method worked.

endpoints.MapHangfireDashboard("/hangfire", new DashboardOptions
{
    Authorization = new[] { new HangFireAuthorizationFilter() }
});

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Ben Harrison