Implementing API Key Authentication in ASP.NET Core

Nick Chapsas

1 year ago

70,073 views


Comments:

Shehan Samarasinghe - 16.10.2023 13:14

Great video. Superb content. Thank you !!!

Antonio Buyukliev - 02.10.2023 18:32

Hi Nick, appreciate the work you do. One question about the filter of the minimal api. If we have another middleware the request stops first in it and then into the filter?

blackpaw29 - 17.09.2023 02:24

Thank you, very interesting and easy to implement with your clear details. Looks appropriate for a use case I have.

Couple of questions 😁

- Can you safely mix auth schemes, i.e. I have a multi-tenant minimal API that users authenticate to via Azure B2C oauth2, but I need to add a simple API key access for a few endpoints, for service apps to use. I could use client credentials flow or application APIs, but there's the problem of distributing/revoking API keys and I want to issue them dynamically depending on the tenant the service apps belong to.

- Can you restrict access to a SignalR server using these?

- Swagger - can it handle multiple auth schemes?

johnsitka - 15.09.2023 18:44

Great help, exactly what I needed. Thanks tons. Since adopting Blazor Server then finding Minimal APIs I can now build APIs without MVC "and" secure them. I remember first hearing of WebSocket so many years ago, throw in Entra, Microsoft Graph, and Application Proxy we now have flying cars for the enterprise.

Amanda Santi - 15.09.2023 18:41

To get around the dependency injection problem you can create a custom attribute that extends from TypeFilterAttribute, which then passes typeof(MyFilter) to the base constructor. From there the system will allow you to use DI in your filter.

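The workaround described in the comment above, written out as an added example (not code from the video or from the commenter). The names `ApiKeyAttribute` and `ApiKeyAuthFilter`, the `X-Api-Key` header and the `Authentication:ApiKey` configuration path are assumptions, and the constant-time comparison is an addition to what the comment describes.

```csharp
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;

// The attribute holds no dependencies of its own; it only names the filter type.
// MVC instantiates ApiKeyAuthFilter per request and resolves its constructor
// arguments from the DI container.
// Usage: put [ApiKey] on a controller class or on a single action.
public sealed class ApiKeyAttribute : TypeFilterAttribute
{
    public ApiKeyAttribute() : base(typeof(ApiKeyAuthFilter)) { }
}

public sealed class ApiKeyAuthFilter : IAuthorizationFilter
{
    private const string HeaderName = "X-Api-Key";             // assumed header name
    private const string ConfigKey = "Authentication:ApiKey";  // assumed config path

    private readonly IConfiguration _configuration;

    // IConfiguration arrives through DI because the filter is created via TypeFilterAttribute.
    public ApiKeyAuthFilter(IConfiguration configuration) => _configuration = configuration;

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var expected = _configuration[ConfigKey];

        // Fail closed: a missing configuration value, a missing header
        // or a mismatched key all end in 401.
        if (string.IsNullOrEmpty(expected) ||
            !context.HttpContext.Request.Headers.TryGetValue(HeaderName, out var supplied) ||
            !KeysMatch(supplied.ToString(), expected))
        {
            context.Result = new UnauthorizedResult();
        }
    }

    // Hash both values to a fixed length, then compare in constant time so the
    // response time does not reveal how much of the key was correct.
    private static bool KeysMatch(string supplied, string expected) =>
        CryptographicOperations.FixedTimeEquals(
            SHA256.HashData(Encoding.UTF8.GetBytes(supplied)),
            SHA256.HashData(Encoding.UTF8.GetBytes(expected)));
}
```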
Gianluca Rosadini - 12.09.2023 17:39

You are great! Thank you!

Micro Tech - 09.09.2023 18:33

Hi, can you come up with a video where you can demonstrate how to Authorize same endpoint using either inbuilt jwt bearer or api key at the same time? So, how we can add custom authentication along with inbuilt authentication schemes and register at startup. Thanks

Skillamu - 01.09.2023 13:27

Very good and detailed explanation on this topic, great video!

Alonso Ureña - 31.08.2023 03:56

I was looking for the second approach, so sad 😂😂😂

HYIP Investor Khmer - 24.08.2023 08:54

how to use AllowAnonymous?

Nattapon Aiyawan - 07.08.2023 10:00

This video is difficult to understand and video editing is inconsistent with the content..

Jephren Naicker - 20.07.2023 16:15

broooo,! so cool!

Alireza Arttam - 14.07.2023 23:48

Thanks ❤

Yogesh Kajala - 29.06.2023 19:25

Hi Nick, that is very nice. Just a quick thought about how can I separate consumers (apps), like I want to have separate api key for each app trying to use api. Quick thought is to include app name along with key, I grab the app name and check the key. Any better way?

Livinghighandwise - 23.06.2023 20:44

In your example, once the APIKeyMiddleware - public async Task method runs, and authentication is successful, it doesn't redirect to my Homecontroller in order to run my Post method and continue with the request. How do I get it to direct to my post request in my Homecontroller?

DasMaffin - 07.06.2023 19:32

So if I have an app that connects to thousands of users authentication is something I don't need, did I get that right?

PooyaKeshvari - 06.06.2023 10:37

thank you we love you

Biznes Lupa - 31.05.2023 08:25

can you give us the book name or tutorial where did you learn this all?

Mert Ali - 22.05.2023 15:07

thanks

Musica - 16.05.2023 00:25

This breaks swagger documentation.

Hueseyin Guendogan - 19.04.2023 14:06

Great!

Falsa Poetica - 15.04.2023 20:29

This was awesome, thanks Nick!
Just wondering, is there a reason for not using the IMiddleware interface when implementing the ApiKeyAuthMiddleware class?

Onur Micoogullari - 09.04.2023 21:19

Great video Nick, as always! A tip to others: the same principle can be used to enforce client certificate based auth, minus the Swagger UI integration. This way, you can easily enforce different types of auth on different scopes within the same API.

majid ismail - 06.04.2023 22:13

Hi Nick,
Amazing video, I have a question about minimal api swagger authorize button option.
How to pass different keys with the same button?
I have bearer token, some set of endpoints allowed with one token and other set of endpoints use another type of token.
How can we address it so Authorise button works?

Thank you

patrick breslin - 03.04.2023 23:45

Nick, I purchased your zero to hero minimal API course... the discord link is broken.... is that a mistake or did you shut it down?

Jerry Jeremy - 31.03.2023 21:11

Thanks Nick, I need this

Roberto Guere - 30.03.2023 00:00

Excellent video

Aegir Tomasson - 26.03.2023 01:23

Brilliant, thanks!

Matteo Trapani - 23.03.2023 18:24

Hi Nick! First of all thank you very much for your videos! They are soooo interesting and you actually taught me a lot since when I started following you :D
I have a question about this approach: why didn't you mention the AuthenticationHandler approach?

Kay Meister - 22.03.2023 14:00

Great video! Thanks a lot for your efforts, Nick! You're great

Oyede Oluwafunbi - 20.03.2023 02:44

Great Video!!!!!!!!

ecitah pi - 19.03.2023 03:09

the longest app. 18 minutes in my life :D thank you for the explanation!

veracsthedefiled - 06.03.2023 23:11

I was hoping to use api keys with Identity framework, I recall seeing your .NET core 2 & 3 playlist, and in comments section there you said we can look up the API key to find which user it belongs to, while that can work I think it will conflict with JWT auth since it's configured as a filter, and [Authorize] attributes won't work with API keys, and as well as I think looking up the DB on every request is expensive.

Roman Marusyk - 05.03.2023 04:38

why not use AuthenticationHandler and the default [Authorize]?

King Æthelstan - 01.03.2023 18:31

Excellent tutorial - thanks

Cagri Kolsuz - 01.03.2023 10:59

That's great explanation. Thanks.

Silas Peters - 22.02.2023 00:36

This was exactly what I needed. Now maze makes way more sense!

John A - 17.02.2023 06:31

I wonder is it possible to have the Authorization Filter attribute on the class level, but then override that with another Authorization Filter at the method level. That way by default the methods are safe, unless otherwise indicated.

I know you can set Filter orders but they still both get fired.

tonykidv2 - 15.02.2023 03:28

is it possible to use [AllowAnonymous] annotation to bypass the middleware?

Stephen Miller - 14.02.2023 08:44

I'd love to see example of storing multiple API Keys in database and comparing the header key to those in the database. I have a scenario where I will have multiple clients using the API and would like to have a different API Key to give them access to their own data. Great video!

S L - 13.02.2023 18:09

Would love a video on building a throttle mechanism where it's not waiting in memory but in a queue or database

Julian Segura - 13.02.2023 17:33

I finally can understand this concept to its fullest. Thanks for the great content

Carsten Berggreen - 13.02.2023 13:22

Thanks! Brilliant video! Covers all my thoughts and questions about API Keys in one video!

Simple Gameplay - 12.02.2023 22:32

OMG asp net core is so cool 🥹🥹

Cristiano Salvatori - 12.02.2023 11:39

Always great!!!!

Jacob Duenke - 11.02.2023 21:02

Am I crazy? I’ve always found the swagger ui has the lock icons mixed up. Why would the lock be LOCKED when the api is unlocked and authorized for use??

Ivandro Jao - 11.02.2023 15:08

Hello Nick, can you please do a video on the difference between .UseRouting() and .UseEndpoints()?

This thing is everywhere stackoverflow / reddit but still not clear enough!

JeffNikelson - 11.02.2023 09:44

one of your best videos so far 👌🏻
