Implementing API Key Authentication in ASP.NET Core

Показать описание

Hello everybody I'm Nick and in this video I will show you all the approaches you can use to add API Key based authentication in you ASP.NET Core APIs. I will cover a generic approach and then Controller and Minimal API specific approaches and also show you how you can add Open API support for Swagger.

Don't forget to comment, like and subscribe :)

Social Media:

#csharp #dotnet

Рекомендации по теме

Комментарии

I love your videos, you are so professional, but i would really love and appreciate if you make a small app, that shows us how yo implement all the best practices you teach us, I mean I learn tbd concept from you, and I always go and implement it in my projects, but sometimes I get lost in the implementation. If you can just do a todo list api, with all the consepts, like rest API rules, versioning, SOLID, services, mapping, results, responses. Thank you very much for the great content 🙏

facephonesy

Hi Nick I love your videos so very much!
*Hint* You probably already know this, but rather than using the Generate Guid tool (which means moving hand to mouse etc.) you can just type "nguid [tab]" and Rider will allow you to insert a new guid and even select the version without dashes. :) Keep up the great work mate!

NathanWienand

I would love to see examples using OAuth 2 Client Credentials flow (using an IDP service like Okta or Auth0) where the APIs accept a valid bearer token.

ryanobray

i always copy/paste some example from the internet and i never stop to think how it works because the explanation is almost always just technical terms and blah blah hard to understand
your explanation is without a doubt simple, objective and easy to understand, thank you very much

MaiconLLoti

Thanks for the awesome video.
Would be very interesting to see JWT Bearer auth with refresh tokens as well.

voliansky

Hi Nick, i love your videos - and this is one is especially great. In this short video you have explained so many things in a clear and concise way. Its great!!

margosdesarian

This is exactly what I was lookinf for to use in my current project. Well done on providing such great content; clean, concise and easy to follow.

RonyFayyad

Great video Nick, as always! A tip to others: the same principal can be used to enforce client certificate based auth, minus the Swagger UI integration. This way, you can easily enforce different types of auth on different scopes within the same API.

onmico

Great help, exactly what I needed. Thanks tons. Since adopting Blazor Server then finding Minimal API's I can now build Api's without MVC "and" secure them. I remember first hearing of WebSocket so many years ago, throw in Entra, Microsoft Graph, and Application Proxy we now have flying cars for the enterprise.

johnsitka

I finally can understand this concept to it's fullest. Thanx for the great content

juliansegura

To get rid of [ServiceFilter(typeof(...)] thing you can derive from ServiceFilterAttribute and provide default ctor with :base Then you can use your filter directly (ApiKeyAuthFilterImpl is actual implementation of filter, must be registered in DI container)

takeshi_taro

Id love to see example of storing multiple API Keys in database and comparing the header key to those in the database. I have a scenario where I will have multiple clients using the API and would like to have a different API Key to give them access to their own data. Great video !

stephenmiller

Thank you Nick! This video greatly helped me. You covered all aspects, including the Swagger which I was struggling with. Thank you 🙏

MeerHussainAbrar

Tak! Brilliant video! Covers all my thoughts and questions about API Keys in one video!

carstenberggreen

Extremely interested in the way you presented and covered different approaches. Thanks bro

linhvuquach

To get around the dependency injection problem you can create a custom attribute that extends from TypeFilterAttribute, which then passes typeof(MyFilter) to the base constructor. From there the system will allow you to use DI in your filter.

amandasanti

the longest app. 18 minutes in my life :D thank you for the explanation!

ecitahpi

Great video! Thanks a lot for your efforts, Nick! You're great

kaymeister

This help me a lot, very well explained. Thank you !

alejomunoz

Thank you, very useful auth concept. Was just looking for something like it

broadshare

Implementing API Key Authentication in ASP.NET Core

Implementing API Key Authentication in ASP.NET Core

What Are API Keys, And Why Are They So Important? | System Design Interview Basics

API Key Authentication Best Practices

How To Implement API Key Authentication In ASP.NET Core

API Authentication via API Keys | AWS API Gateway

API access tokens: how do they work, and how do they compare to authentication using API keys?

Postman Tutorial - API Key Authorization in Postman

Secure ASP.NET Web API using API Key Authentication

#4 Build a Taxi Admin Panel: AngularJS, Admin Login, & Node.js REST API Integration

How the Heck Do API Keys Work?

What are API Keys? | Using API Keys

API Key Authentication For WordPress REST APIs

5 JavaScript API Key Mistakes (and how to fix them)

'Basic Authentication' in Five Minutes

How to Secure Your API Keys the Right Way

How to Add API Key Verification: Apigee API Platform Demo Episode 3

Session vs Token Authentication in 100 Seconds

Implementing API Gateway Authentication With YARP + .NET 8

Properly Load & Manage API Keys in Python

Securing Microservices with API Key Based Auth - Spring Cloud Gateway | JavaTechie

Setting up ApiKey-based Authentication | ASP.NET Core 5 REST API Tutorial 24

Secure Your AWS API Gateway with API Keys | AWS Tutorial

Web API Security | Basic Auth, OAuth, OpenID Connect, Scopes & Refresh Tokens

APIs for Beginners 2023 - How to use an API (Full Course / Tutorial)