Comments (1)
In general, security is out of the scope of CrystalQuartz panel, at leas for now. That means you can apply security rules, but only on hosting infrastructure level, not on panel level itself. For example, in standard ASP.NET, assuming Forms authentication configured, we could just protect /quartz
location in web.config
. For example this config allows access to /quartz
only for users with role Admin
.
<location path="quartz">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
With OWIN and Core it is possible to use any kind of custom or standard middlewares, just to give an idea, here is a dirty manual basic authentication check for /quartz
location:
// app is IAppBuilder
// Note: this code should come before app.UseCrystalQuartz
app.Use(async (context, next) =>
{
var request = context.Request;
var requestUri = request.Uri;
if (requestUri.PathAndQuery.ToString().StartsWith("/quartz"))
{
var header = request.Headers["Authorization"];
if (!String.IsNullOrWhiteSpace(header))
{
var authHeader = System.Net.Http.Headers.AuthenticationHeaderValue.Parse(header);
if ("Basic".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase))
{
string parameter = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
var parts = parameter.Split(':');
string userName = parts[0];
string password = parts[1];
bool isValidUser = userName == "JohnDoe" && password == "Secret"
if (isValidUser)
{
await next();
return;
}
}
}
context.Response.StatusCode = 401;
context.Response.Headers["WWW-Authenticate"] = "Basic realm=\"App\"";
}
else
{
await next();
}
});
from crystalquartz.
Related Issues (20)
- When using MySQL as a data source I get an exception trying to cast DBNull to null
- Using CrystalQuartz having issue to connect to the database HOT 1
- Panel displays Object reference not set on completed trigger/job details request
- Seconds formatting
- execute_job command does not return InProgress HOT 1
- No Issues
- Dependency Injection Service Wokrer .NET CORE HOT 2
- [Question] Read-only mode
- Just curious - Starting up - .Net 4.8 vs Owin
- Join the project to .NET Foundation
- System.InvalidOperationException: Synchronous operations are disallowed. Call WriteAsync or set AllowSynchronousIO to true instead. HOT 3
- Job Groups rendered in "random" order
- Job details panel is completely empty HOT 3
- Customize the scheduler menu
- about the latest version HOT 1
- Licence mismatch HOT 1
- An error occurred while initialization of scheduler services An instance of Quartz 3 Scheduler expected HOT 6
- Synchronous operations are disallowed with .Net 6. Is the workaround still the same? HOT 7
- When will the official version be released?
- url offten CrystalQuartzPanel.axd?command=get_data no content repsonse. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crystalquartz.