Search This Blog

Thursday, 8 February 2018

Securing ASP.NET CORE Web API using Custom API Key based Authentication

In this article, we are going to learn how to create a secure Web API in ASP.NET Core MVC.

Link to Complete Article with source code:-  

In the fast-growing era of Web technology, everything is changing too fast. With ASP.NET there was a time when we used to use web service (the .asmx ones), which was SOAP-based, which we can just use for consuming data from other applications, which did have that much of security in it. Most developers would take Username and Password Parameter as input and then they would allow to access web service.
As time passes, Microsoft came up with WCF which was secured but too complex to use.
Further, Microsoft came up with something new called as Web API which we can use by creating ASP.NET MVC application or directly ASP.NET Web API application which was lighter and easy to use.
But moving further, Microsoft introduces ASP.NET Core which is lighter than all its previous versions.
But when we say we are securing and webapi in ASP.NET WEB API we use Delegate handler for validating API request.
As we jump into ASP.NET Core there are no more handler and modules, we are introduced to something new called as Middleware, which we are going to write to validating API request.
In this article, we are going to learn that extra part, the process to create an ASP.NET Core WEB API application in which a developer can log in to application and subscribe his own services, then generate API keys, see his own documentation of API how to consume API and finally he will get his own analytics on how many requests he sends in a month. And if request sent count is greater than the user has subscribed then he will get the response "exceeds request length".


  • Register Developer
  • Login
  • Choose Service with Max request (1000 request, 5000 requests)
  • Get API key
  • API Documents
  • Use API key to Access service


Visual Studio 2017 with ASP.NET CORE 2.0
SQL Server 2008 and above


  1. Learned a lot of new things from your post!Good creation ,It's amazing blog
    .Net Online Training
    Dot Net Online Training Bangalore
    .Net Online Course

  2. This comment has been removed by the author.

  3. Hi, Thanks for posting a great article of the your information.
    For more information please visit.
    Top Institute For DOT NET Training in Ameerpet|| Get Real Time Experience

  4. Thanks for sharing this post. Your post is really very helpful its students. Dot Net Online Training Hyderabad

  5. At Coepd (Center of Excellence for Professional Development) we practice Object-Oriented Programming concepts and mentor .Net Platform, C#.NET, ADO.NET which helps the attendees to build database-driven Web applications and Web Sites successfully. We also guide the attendees to develop web-based enterprise applications using ASP.NET and Visual Studio which comforts in developing the Web Services using .Net framework in Service-oriented Architecture. The Internship Program Also covers Frontend design technologies HTML, HTML5, CSS, CSS3, XML, Bootstrap, JQuery, Angular JS, and AJAX. Our collaborative ecosystem comprising of Partnerships with Software Companies enables real time software development life cycle experience.

  6. All the latest updates from the Python Automationminds team. Python Automationminds lets you program in Python, in your browser. No need to install any software, just start coding straight away. There's a fully-functional web-based console and a programmer's text-editor
    Phyton training in Chennai

  7. Robotic Process Automation (RPA) is one of the most exciting developments in Business Process Management (BPM) in recent history. Some industry experts believe it may be even more transformational than cloud computing transformational than cloud Automationminds team. (RPA)Automationminds lets you program in (RPA),


10 Points to Secure Your ASP.NET Core MVC Applications

In this article, we learn how to secure ASP.NET Core MVC Applications against top 10 attacks given by OWSAP (Open Web Application Security ...