How To Implement API Key Authentication In ASP.NET Core


API key authentication is commonly used in service-to-service (S2S) scenarios. You give the API caller a unique key that they present to authenticate with your API. The key can be sent in a few ways: for example, in a request header, in the query string, or in a cookie. I'll show you how to implement API key authentication in Minimal APIs and how to do the same with controllers.


Chapters
0:00 Defining an endpoint filter
1:50 Implementing ApiKeyAuthenticationEndpointFilter
6:45 How an endpoint filter works
8:37 Validating the API key
12:32 Alternatives to sending the API key in the header
13:22 Alternatives to storing API keys in the application configuration
14:12 API key authentication with controllers
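The endpoint filter the chapters walk through, written out as an added example (not the video's own code): it reads the key from a request header, compares it with the value stored in application configuration, and short-circuits with 401 when they do not match. The header name `X-Api-Key`, the configuration key `ApiKey`, and the `/weather` route are assumptions, not taken from the video.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using System.Security.Cryptography;
using System.Text;

// Endpoint filter that authenticates the caller by API key before the
// endpoint handler runs. Registered per endpoint with AddEndpointFilter<T>().
public sealed class ApiKeyAuthenticationEndpointFilter : IEndpointFilter
{
    private const string ApiKeyHeaderName = "X-Api-Key"; // assumed header name
    private const string ApiKeyConfigKey = "ApiKey";      // assumed configuration key
    private readonly IConfiguration _configuration;

    // Constructor injection works because AddEndpointFilter<T>() resolves the
    // filter through the DI container.
    public ApiKeyAuthenticationEndpointFilter(IConfiguration configuration)
        => _configuration = configuration;

    public async ValueTask<object?> InvokeAsync(
        EndpointFilterInvocationContext context,
        EndpointFilterDelegate next)
    {
        // Missing header: reject before touching anything else.
        if (!context.HttpContext.Request.Headers.TryGetValue(ApiKeyHeaderName, out var provided))
        {
            return TypedResults.Unauthorized();
        }

        // Expected key lives in configuration (appsettings, environment, secret store).
        var expected = _configuration.GetValue<string>(ApiKeyConfigKey);
        if (string.IsNullOrEmpty(expected) || !KeysMatch(expected, provided.ToString()))
        {
            return TypedResults.Unauthorized();
        }

        // Key accepted: continue to the endpoint handler.
        return await next(context);
    }

    // Fixed-time comparison so response timing does not reveal how many
    // leading characters of a submitted key were correct.
    private static bool KeysMatch(string expected, string provided)
        => CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected),
            Encoding.UTF8.GetBytes(provided));
}

// Program.cs (Minimal API) usage, assumed route:
// app.MapGet("/weather", () => "ok").AddEndpointFilter<ApiKeyAuthenticationEndpointFilter>();
```

Because the filter returns a result instead of calling `next`, the endpoint handler never executes for a missing or wrong key; callers simply see a 401 response.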
Comments

Nice, easy clean explanation, will definitely use in my next minimal API project.

BK-

Thank you for this introduction man. God bless 💪

kimfom

It was very useful Milan, Thanks a lot!

peymannaji

Thank you @Milan for your great content

JosephRuhundwa

Hi Milan, I hope you show us how to use commands and queries to write and read from database using different contexts for better performance for enterprise projects like e-commerce
for example
Command write to SQL database
Queries read using Elastic Search

Tamer_Ali

Thanks for your awesome content and simplified explanation, keep it up ❤️👏

amrnouh

Your tweet said the video would cover:

- Great at limiting access to an API
- Tracking usage and billing

I don’t see those topics listed in the chapters. Which chapters cover them? Or is there another video? Thanks in advance.

fillegar

Milan what about an episode where you explain message metadata?

For example:
-Authentication token / API key
-Correlation Id
-Causation id
-UTC Timestamp
-Culture / Localization of the client
-Message version
-Message unique id
-others?

What do you think is necessary?

barr

Great explanation as usual. Would you please share with us the theme you are using in Visual Studio. Thanks. Keep it up.

Ahmed-uiwn

This is absolutely beautiful thank you

RioTheHitman

Can you please explain how this can be added as a custom authentication handler which can be added in startup with its own custom scheme name in addition to the inbuilt JwtBearer or cookie authenticators, so that an API endpoint can be authenticated either through a JWT token or an API key? Thank you!

microtech

Hi! Can you show us an implementation about how to use this or JWT in a MAUI or WPF application (even with refresh token)?

ferenc

Would it be worth it to have the API key in the header hashed and then check the hash with a hashed version of any valid API keys you have in order to increase security?

VeggehGaming

Hi Milan, how do you secure this key with your users when you hand them the key? Do you recommend some key rotation mechanism? How would you handle revocation of a stolen key and hand a new key to the customer? I hope to hear your approach for those scenarios.

ArnonDanon

What are your thoughts on using middleware to check for the key, this is something I have done previously

mylesdavies

Milan, how to implement support for multiple authentication methods in Swagger, including Bearer Token and API Key?

jeffersantosss

Very nice explanation as always. Is there any chance you can do a video on user impersonation using JWT/Identity please.

onedev

Hey, one question: what are u doing in case multiple commands use the same logic partially? It can contain requests to the database, or just logic without requests to the database. Where do u store common code like that? Or do u just repeat the same code in both commands, because the idea of commands is that they are independent?

reggyA

Can the API Key Authentication implementation be used for a multi-tenant structure?

danyaracena

Unfortunately you've mixed up Authentication and Authorization.

If it is about Authentication like you've mentioned in your title and folder, you should've set a valid Principal like ClaimsPrincipal to the context - nothing more.

If it is about Authorization like you've mentioned in your filter and the controller interface, the filter is correct if it returns an Unauthorized result 😉

MarcusKaseder