Implementing API Key Authentication in ASP.NET Core
HTML-код
- Опубликовано: 8 фев 2023
- Check out my courses: dometrain.com
Become a Patreon and get source code access: / nickchapsas
Hello everybody I'm Nick and in this video I will show you all the approaches you can use to add API Key based authentication in you ASP.NET Core APIs. I will cover a generic approach and then Controller and Minimal API specific approaches and also show you how you can add Open API support for Swagger.
Workshops: bit.ly/nickworkshops
Don't forget to comment, like and subscribe :)
Social Media:
Follow me on GitHub: bit.ly/ChapsasGitHub
Follow me on Twitter: bit.ly/ChapsasTwitter
Connect on LinkedIn: bit.ly/ChapsasLinkedIn
Keep coding merch: keepcoding.shop
#csharp #dotnet
I love your videos, you are so professional, but i would really love and appreciate if you make a small app, that shows us how yo implement all the best practices you teach us, I mean I learn tbd concept from you, and I always go and implement it in my projects, but sometimes I get lost in the implementation. If you can just do a todo list api, with all the consepts, like rest API rules, versioning, SOLID, services, mapping, results, responses. Thank you very much for the great content 🙏
To get rid of [ServiceFilter(typeof(...)] thing you can derive from ServiceFilterAttribute and provide default ctor with :base (typeof(ApiKeyAuthFilterImpl)). Then you can use your filter directly (ApiKeyAuthFilterImpl is actual implementation of filter, must be registered in DI container)
This video is difficult to understand and video editing is inconsistent with the content..
This breaks swagger documentation.
Am I crazy? I’ve always found the swagger ui has the lock icons mixed up. Why would the lock be LOCKED when the api is unlocked and authorized for use??
I would love to see examples using OAuth 2 Client Credentials flow (using an IDP service like Okta or Auth0) where the APIs accept a valid bearer token.
So if I have an app that connects to thousands of users authentication is something I dont need, did I get that right?
Please do a video on task ConfigureAwait(). It's so confusing
But wouldn't that make a timing attack possible because you are just comparing the two strings without doing any hashing.
Would love a video on building a throttle mechanism where its not waiting in memory but in a queue or database
Hi Nick I love your videos so very much!
i always copy/paste some example from the internet and i never stop to think how it works because the explanation is almost always just technical terms and blah blah hard to understand
Thanks for the awesome video.
This is exactly what I was lookinf for to use in my current project. Well done on providing such great content; clean, concise and easy to follow.
Hi Nick, i love your videos - and this is one is especially great. In this short video you have explained so many things in a clear and concise way. Its great!!
Thank you Nick! This video greatly helped me. You covered all aspects, including the Swagger which I was struggling with. Thank you 🙏
Great help, exactly what I needed. Thanks tons. Since adopting Blazor Server then finding Minimal API's I can now build Api's without MVC "and" secure them. I remember first hearing of WebSocket so many years ago, throw in Entra, Microsoft Graph, and Application Proxy we now have flying cars for the enterprise.
Great video Nick, as always! A tip to others: the same principal can be used to enforce client certificate based auth, minus the Swagger UI integration. This way, you can easily enforce different types of auth on different scopes within the same API.
Id love to see example of storing multiple API Keys in database and comparing the header key to those in the database. I have a scenario where I will have multiple clients using the API and would like to have a different API Key to give them access to their own data. Great video !
I finally can understand this concept to it's fullest. Thanx for the great content