Set up JWT Bearer Token Authorization/Authentication in Hangfire

Question

How can you configure Bearer Token Authorization/Authentication in Hangfire?

I have a custom authentication filter that read the Authentication Token on the initial request but all other requests ( Hangfire calls) it return 401.

How can I attach Auth Token to the header of every request that Hangfire does?

How can I refresh the token when it is expired?

Answer 1

Maybe a bit late but here's a possible solution. The idea comes from this post: https://discuss.hangfire.io/t/using-bearer-auth-token/2166

The basic idea is to add your jwt as a query param then collect it in JwtBearerOptions.Events and set your MessageReceivedContext.Token equal to it. This will work for the first request but the requests that follow from it won't have the query param attached so we need to add the jwt to a cookie when we get it. So now we check for the jwt in the query param. If we find it then add it to a cookie. If not check for it in the cookies. In ConfigureServices:

services.AddAuthentication(options =>
  {
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

  })
  .AddJwtBearer((Action<JwtBearerOptions>)(options =>
  {
    options.TokenValidationParameters =
        new TokenValidationParameters
        {
          LifetimeValidator = (before, expires, token, param) =>
                   {
                     return expires > DateTime.UtcNow;
                   },
          IssuerSigningKey = JwtSettings.SecurityKey,
          ValidIssuer = JwtSettings.TOKEN_ISSUER,
          ValidateIssuerSigningKey = true,
          ValidateIssuer = true,
          ValidateAudience = false,
          NameClaimType = GGClaimTypes.NAME
        };

    options.Events = new JwtBearerEvents
    {
      OnMessageReceived = mrCtx =>
      {
        // Look for HangFire stuff
        var path = mrCtx.Request.Path.HasValue ? mrCtx.Request.Path.Value : "";
        var pathBase = mrCtx.Request.PathBase.HasValue ? mrCtx.Request.PathBase.Value : path;
        var isFromHangFire = path.StartsWith(WebsiteConstants.HANG_FIRE_URL) || pathBase.StartsWith(WebsiteConstants.HANG_FIRE_URL);

        //If it's HangFire look for token.
        if (isFromHangFire)
        {
          if (mrCtx.Request.Query.ContainsKey("tkn"))
          {
            //If we find token add it to the response cookies
            mrCtx.Token = mrCtx.Request.Query["tkn"];
            mrCtx.HttpContext.Response.Cookies
            .Append("HangFireCookie",
                mrCtx.Token,
                new CookieOptions()
                {
                  Expires = DateTime.Now.AddMinutes(10)
                });
          }
          else
          {
            //Check if we have a cookie from the previous request.
            var cookies = mrCtx.Request.Cookies;
            if (cookies.ContainsKey("HangFireCookie"))
              mrCtx.Token = cookies["HangFireCookie"];                
          }//Else
        }//If

        return Task.CompletedTask;
      }
    };

  })); 

HangFire Auth Filter:

 public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
 {

    public bool Authorize(DashboardContext context)
    {
      var httpCtx = context.GetHttpContext();

      // Allow all authenticated users to see the Dashboard.
      return httpCtx.User.Identity.IsAuthenticated;

    }//Authorize

}//Cls