Using API Key Authentication To Secure ASP.NET Core Web API You can get all the details in the below blog link. https://jayanttripathy.com/using-api-key-authentication-to-secure-asp-net-core-web-api/
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; using System.Threading.Tasks;
namespace APIKeyAuth.Middleware { // You may need to install the Microsoft.AspNetCore.Http.Abstractions package into your project public class APIKeyMiddleware { private readonly RequestDelegate _next; const string APIKEY = "x-authKey"; public APIKeyMiddleware(RequestDelegate next) { _next = next; }
public async Task Invoke(HttpContext httpContext)
{
if (!httpContext.Request.Headers.TryGetValue(APIKEY, out
var extractedApiKey))
{
httpContext.Response.StatusCode = 401;
await httpContext.Response.WriteAsync("Api Key missing ");
return;
}
var appSettings = httpContext.RequestServices.GetRequiredService<IConfiguration>();
var apiKey = appSettings.GetValue<string>(APIKEY);
if (!apiKey.Equals(extractedApiKey))
{
httpContext.Response.StatusCode = 401;
await httpContext.Response.WriteAsync("Wrong Auth Key : Unauthorized access");
return;
}
await _next(httpContext);
}
}
// Extension method used to add the middleware to the HTTP request pipeline.
public static class APIKeyMiddlewareExtensions
{
public static IApplicationBuilder UseAPIKeyMiddleware(this IApplicationBuilder builder)
{
return builder.UseMiddleware<APIKeyMiddleware>();
}
}