{"id":22882390,"url":"https://github.com/loresoft/aspnetcore.securitykey","last_synced_at":"2025-05-07T04:48:06.804Z","repository":{"id":229063110,"uuid":"775236944","full_name":"loresoft/AspNetCore.SecurityKey","owner":"loresoft","description":"Security API Key Authentication Implementation for ASP.NET Core","archived":false,"fork":false,"pushed_at":"2025-05-06T19:32:33.000Z","size":181,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-07T04:47:57.249Z","etag":null,"topics":["api-key","api-key-authentication","asp-net","asp-net-core","authentication"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/loresoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"loresoft"}},"created_at":"2024-03-21T02:17:53.000Z","updated_at":"2025-05-06T19:27:54.000Z","dependencies_parsed_at":"2024-04-10T15:38:05.020Z","dependency_job_id":"87769f18-1793-4701-9fec-b7f6e61b252c","html_url":"https://github.com/loresoft/AspNetCore.SecurityKey","commit_stats":null,"previous_names":["loresoft/aspnetcore.extensions","loresoft/aspnetcore.securitykey"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loresoft%2FAspNetCore.SecurityKey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loresoft%2FAspNetCore.SecurityKey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loresoft%2FAspNetCore.SecurityKey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loresoft%2FAspNetCore.SecurityKey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/loresoft","download_url":"https://codeload.github.com/loresoft/AspNetCore.SecurityKey/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252816523,"owners_count":21808702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-key","api-key-authentication","asp-net","asp-net-core","authentication"],"created_at":"2024-12-13T18:17:17.984Z","updated_at":"2025-05-07T04:48:06.795Z","avatar_url":"https://github.com/loresoft.png","language":"C#","readme":"# Security API Keys for ASP.NET Core\n\nAPI Key Authentication Implementation for ASP.NET Core\n\n[![Build Project](https://github.com/loresoft/AspNetCore.SecurityKey/actions/workflows/dotnet.yml/badge.svg)](https://github.com/loresoft/AspNetCore.SecurityKey/actions/workflows/dotnet.yml)\n\n[![Coverage Status](https://coveralls.io/repos/github/loresoft/AspNetCore.SecurityKey/badge.svg?branch=main)](https://coveralls.io/github/loresoft/AspNetCore.SecurityKey?branch=main)\n\n[![AspNetCore.SecurityKey](https://img.shields.io/nuget/v/AspNetCore.SecurityKey.svg)](https://www.nuget.org/packages/AspNetCore.SecurityKey/)\n\n\n## Passing API Key in a Request\n\n- Request Headers\n- Query Parameters\n- Cookie\n\n### Request Header\n\nExample passing the security api key via a header\n\n```\nGET http://localhost:5009/users\nAccept: application/json\nX-API-KEY: 01HSGVBSF99SK6XMJQJYF0X3WQ\n```\n\n### Query Parameters\n\n\nExample passing the security api key via a header\n\n```\nGET http://localhost:5009/users?X-API-KEY=01HSGVBSF99SK6XMJQJYF0X3WQ\nAccept: application/json\n```\n\n## Security API Key Setup\n\n### Set the Security API Key\n\nSecurity API key in the appsetting.json\n\n```json\n{\n  \"SecurityKey\": \"01HSGVBSF99SK6XMJQJYF0X3WQ\"\n}\n```\n\nMultiple keys supported via semicolon delimiter\n\n\n```json\n{\n  \"SecurityKey\": \"01HSGVBGWXWDWTFGTJSYFXXDXQ;01HSGVBSF99SK6XMJQJYF0X3WQ\"\n}\n```\n\n### Register Services\n\n```c#\nvar builder = WebApplication.CreateBuilder(args);\n\n// add security api key scheme\nbuilder.Services\n    .AddAuthentication()\n    .AddSecurityKey(); \n\nbuilder.Services.AddAuthorization();\n\n// add security api key services\nbuilder.Services.AddSecurityKey();\n  \n```\n\nConfigure Options\n\n```c#\nbuilder.Services.AddSecurityKey(options =\u003e {\n    options.ConfigurationName = \"Authentication:ApiKey\";\n    options.HeaderName = \"x-api-key\";\n    options.QueryName = \"ApiKey\";\n    options.KeyComparer = StringComparer.OrdinalIgnoreCase;\n});\n```\n\n### Secure Endpoints\n\nSecure Controller with `SecurityKeyAttribute`.  Can be at class or method level\n\n```c#\n[ApiController]\n[Route(\"[controller]\")]\npublic class AddressController : ControllerBase\n{\n    [SecurityKey]\n    [HttpGet(Name = \"GetAddresses\")]\n    public IEnumerable\u003cAddress\u003e Get()\n    {\n        return AddressFaker.Instance.Generate(5);\n    }\n\n}\n```\n\nSecure via middleware.  All endpoints will require security API key\n\n```c#\npublic static class Program\n{\n    public static void Main(string[] args)\n    {\n        var builder = WebApplication.CreateBuilder(args);\n\n        builder.Services.AddAuthorization();\n        builder.Services.AddSecurityKey();\n        \n        var app = builder.Build();\n    \n        // required api key for all end points\n        app.UseSecurityKey();\n        app.UseAuthorization();\n\n        app.MapGet(\"/weather\", () =\u003e WeatherFaker.Instance.Generate(5));\n\n        app.Run();\n    }\n}\n```\n\nSecure Minimal API endpoint with filter, .NET 8+ only\n\n```c#\npublic static class Program\n{\n    public static void Main(string[] args)\n    {\n        var builder = WebApplication.CreateBuilder(args);\n\n        builder.Services.AddAuthorization();\n        builder.Services.AddSecurityKey();\n        \n        var app = builder.Build();\n    \n        app.UseAuthorization();\n\n        app.MapGet(\"/users\", () =\u003e UserFaker.Instance.Generate(10))\n            .RequireSecurityKey();\n\n        app.Run();\n    }\n}\n```\n\nSecure with Authentication Scheme\n\n```c#\npublic static class Program\n{\n    public static void Main(string[] args)\n    {\n        var builder = WebApplication.CreateBuilder(args);\n\n        builder.Services\n            .AddAuthentication()\n            .AddSecurityKey();\n\n        builder.Services.AddAuthorization();\n        builder.Services.AddSecurityKey();\n        \n        var app = builder.Build();\n    \n        app.UseAuthentication();\n        app.UseAuthorization();\n\n        app.MapGet(\"/users\", () =\u003e UserFaker.Instance.Generate(10))\n            .RequireAuthorization();\n\n        app.Run();\n    }\n}\n```\n\n### Custom Security Key Validation\n\nYou can implement your own custom security key validation by implementing the `ISecurityKeyValidator` interface.\n\n```c#\npublic class CustomSecurityKeyValidator : ISecurityKeyValidator\n{\n    public Task\u003cbool\u003e ValidateAsync(HttpContext context, string key)\n    {\n        // custom validation logic\n        return Task.FromResult(true);\n    }\n}\n```\n\nUse custom security key validator\n\n```c#\nbuilder.Services.AddSecurityKey\u003cCustomSecurityKeyValidator\u003e();\n```\n\n### Custom Security Key Extractor\n\nYou can implement your own custom security key extractor by implementing the `ISecurityKeyExtractor` interface.\n\n```c#\npublic class CustomSecurityKeyExtractor : ISecurityKeyExtractor\n{\n    public Task\u003cstring\u003e ExtractAsync(HttpContext context)\n    {\n        // custom extraction logic\n        return Task.FromResult(\"custom-key\");\n    }\n}\n```\n\nUse custom security key validator and extrator\n\n```c#\nbuilder.Services.AddSecurityKey\u003cCustomSecurityKeyValidator, CustomSecurityKeyExtractor\u003e();\n```\n\n### Open API \n\nAdd Open API support in .NET 9+\n\n```c#\nvar builder = WebApplication.CreateBuilder(args);\n\nbuilder.Services\n    .AddAuthentication()\n    .AddSecurityKey();\n\nbuilder.Services.AddAuthorization();\nbuilder.Services.AddSecurityKey();\n\n// add api key requirment to open api\nbuilder.Services.AddOpenApi(options =\u003e options\n    .AddDocumentTransformer\u003cSecurityKeyDocumentTransformer\u003e()\n);\n\nvar app = builder.Build();\n\napp.UseAuthentication();\napp.UseAuthorization();\n\napp.MapOpenApi();\n\n// use Scalar.AspNetCore package \napp.MapScalarApiReference();\n```\n","funding_links":["https://github.com/sponsors/loresoft"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floresoft%2Faspnetcore.securitykey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Floresoft%2Faspnetcore.securitykey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floresoft%2Faspnetcore.securitykey/lists"}