API Key in .NET WebAPI Project
.NET
Create a webapi project, e.g.:
dotnet new webapi -o MyMicroserviceAdd a middleware class:
public class ApiKeyMiddleware
{
private readonly string _apiKeyName;
private readonly string _apiKeyValue;
private readonly RequestDelegate _next;
public ApiKeyMiddleware(RequestDelegate next, string apiKeyName, string apiKeyValue)
{
_next = next;
_apiKeyName = apiKeyName;
_apiKeyValue = apiKeyValue;
}
public async Task InvokeAsync(HttpContext context)
{
if (!context.Request.Headers.TryGetValue(_apiKeyName, out var extractedApiKey))
{
context.Response.StatusCode = 401;
await context.Response.WriteAsync("API Key was not provided.");
return;
}
if (!_apiKeyValue.Equals(extractedApiKey))
{
context.Response.StatusCode = 403;
await context.Response.WriteAsync("Unauthorized client.");
return;
}
await _next(context);
}
}Handle the API key check in Program.cs with the following code. Place this before the app.MapControllers() call:
string? apiKeyName = "My-Api-Key-Name";
string? apiKeyValue = "85a80751-cc34-4a6e-9ad9-4d9c9bea403c"; // Do NOT store your actual key value inline!
// Retrieve it from a protected
// location, e.g., an Azure key vault.
// Validate the request:
app.UseMiddleware<ApiKeyMiddleware>(apiKeyName, apiKeyValue);Calls to the API look like this:
GET https://your_webservice_url/some_endpoint
Accept: application/json
My-Api-Key-Name: 85a80751-cc34-4a6e-9ad9-4d9c9bea403c