Buy Me Coffee

Securing ASP.NET CORE Web API using Custom API Key based Authentication

In this article, we are going to learn how to create a secure Web API in ASP.NET Core MVC.

Link to Complete Article with source code:-  

In the fast-growing era of Web technology, everything is changing too fast. With ASP.NET there was a time when we used to use web service (the .asmx ones), which was SOAP-based, which we can just use for consuming data from other applications, which did have that much of security in it. Most developers would take Username and Password Parameter as input and then they would allow to access web service.
As time passes, Microsoft came up with WCF which was secured but too complex to use.
Further, Microsoft came up with something new called as Web API which we can use by creating ASP.NET MVC application or directly ASP.NET Web API application which was lighter and easy to use.
But moving further, Microsoft introduces ASP.NET Core which is lighter than all its previous versions.
But when we say we are securing and webapi in ASP.NET WEB API we use Delegate handler for validating API request.
As we jump into ASP.NET Core there are no more handler and modules, we are introduced to something new called as Middleware, which we are going to write to validating API request.
In this article, we are going to learn that extra part, the process to create an ASP.NET Core WEB API application in which a developer can log in to application and subscribe his own services, then generate API keys, see his own documentation of API how to consume API and finally he will get his own analytics on how many requests he sends in a month. And if request sent count is greater than the user has subscribed then he will get the response "exceeds request length".


  • Register Developer
  • Login
  • Choose Service with Max request (1000 request, 5000 requests)
  • Get API key
  • API Documents
  • Use API key to Access service


Visual Studio 2017 with ASP.NET CORE 2.0
SQL Server 2008 and above