Secure ASP.NET Core Web API using API Key Authentication

You can easily secure ASP.NET Core Web API using API Key Authentication, it is just a matter of doing few steps and you will be able to secure your endpoints.

In this tutorial I will explain to you how to use API Key to secure your ASP.NET Core Web API in 2 different ways: Custom Attribute and Custom Middleware.

Keep in mind that using API Key Authentication should be limited to the service clients or well-known clients, in other words, it is not recommended that you use the API Key Authentication to actually authenticate your users, it is mainly used to identify and authorize a project or service that is connecting to your APIs.

So it will keep a secure link between your APIs and the client of your APIs (other business that is accessing your APIs).

If you wish to include user authentication, then you should apply token-based authentication, such as OAuth 2.0, it is a significantly important topic that requires a separate tutorial.

I will be preparing some stuff about token-based authentication in ASP.NET Core Web API in the near future.

So let’s keep the introduction short and jump right into the API Key Authentication of your ASP.NET Core Web APIs.