I’m using Hangfire in my .NET core application and I’m just JWT bearer authentication. Is there a way to configure bearer token authentication in Hangfire? I wrote a custom authentication provider to read and verify the bearer auth token and it works for the initial request to my Hangfire dashboard root, but other requests such as JS or CSS requests return a 401 since the token is not sent in the headers. Is there something that I am missing that would cause Hangfire to append the bearer token to all subsequent requests back to the server?
how did you pass the token to hangfire? I am trying to do this but owinContext is always null.
Can you please add an option to automatically include the Authorization header "Bearer " on each hangfire dashboard request because once I am authenticated using a Bearer token the token should be passed in on all requests /server /tasks etc. , but the issue I am having is I pass the bearer token to the hangfire dashboard url and it loads but each subsequent request fails because the Authorization header is not included.
I went this route in my Hangfire Authorize Attribute, since I passed my Bearer token via querystring to the entry /dashboard URL then I have middleware to add the bearer token to the Authorization header.
So the first entry into the Dashboard passes auth but the other dashboard resources fail auth because of no Authorization header being transient from the original request, but I noticed the referer header specifies the original URL with auth token query param…so I was able to get the access_token from the header and validate it for any dashboard resource call…now to work on the refreshing of the token.
CustomJwtSecurityTokenHandler is my implementation but you can just using the JwtSecurityTokenHandler
Update: Other links are broken (auth failing) because the referer changes when it comes from another page in Hangfire, so I’ll just store it as a cookie and read it from there that’s the plan. Using the cookie works perfect.
Also using jquery, after successful auth I loaded the dashboard via iframe so no point for back to site, and the jquery client can keep the token refresh via a timer after the JWT expires