Wivuu.AspNetCore.APIKey 1.0.0

There is a newer version of this package available.
See the version list below for details.
dotnet add package Wivuu.AspNetCore.APIKey --version 1.0.0                
NuGet\Install-Package Wivuu.AspNetCore.APIKey -Version 1.0.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Wivuu.AspNetCore.APIKey" Version="1.0.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Wivuu.AspNetCore.APIKey --version 1.0.0                
#r "nuget: Wivuu.AspNetCore.APIKey, 1.0.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Wivuu.AspNetCore.APIKey as a Cake Addin
#addin nuget:?package=Wivuu.AspNetCore.APIKey&version=1.0.0

// Install Wivuu.AspNetCore.APIKey as a Cake Tool
#tool nuget:?package=Wivuu.AspNetCore.APIKey&version=1.0.0                

Wivuu.AspNet.APIKey

This project implements a secure API key authentication & authorization system built atop .NET's Data Protection APIs.

Quality Gate Status

Roadmap

  • Update sample to support Swagger doc authentication
  • Add option mechanism for extracting API key differently from request
  • Add tests
  • Add Sonarcloud CI actions
  • Document usage scenarios
  • Add CD to nuget

Usage

1. Install the package

dotnet add package Wivuu.AspNet.APIKey

2. Configure the API key provider

builder.Services.AddControllers();

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = "x-api-key";
        options.DefaultChallengeScheme = "x-api-key";
    })
    // The <T> parameter is used to pass in the structure of the encrypted key, it must be of type `IDataProtectedKey`.
    // this library comes with `DefaultUserIdKey<T>` which can be used as a basic wrapper around any string or unique id,
    // but can be extended to support more complex claims.
    .AddWivuuDataProtectedAPIKeySchema<DefaultUserIdKey<Guid>>("x-api-key", options =>
    {
        // Configure options here:

        // 1. Usage purpose; this is mapped to the DataProtection `purpose` parameter
        // options.UsagePurpose = "my-usage-purpose";

        // 2. The cache duration for successful authentications, typically not necessary except perhaps in
        //    high traffic scenarios
        // options.CacheDurationSuccess = TimeSpan.FromSeconds(10);

        // 3. The failure cache duration will cache failed authentications for a period of time to prevent
        //    excessive calls to decryption algorithm for bad keys. Defaults to 10 seconds
        // options.CacheDurationFailure = TimeSpan.FromSeconds(30);

        // 4. BuildAuthenticationResponseAsync allows you to customize the creation of your 
        //    AuthenticationTicket. This is useful if you want to add additional claims to the
        //    ticket or if you want to use a different authentication scheme

        // 5. GetKeyFromRequest allows you to retrieve the key from alternative locations in the request, such
        //    as a header, querystring, or cookie. By default, the key is expected to be in an `x-api-key` header.

        // 6. If you want to use a different scheme, you can configure the scheme name here
        // options.Scheme = "my-scheme-name";
    });

3. Use the scheme on a controller

// Add the [Authorize] attribute to the controller in order to enforce authentication of the API key
[HttpGet(Name = "Test API Key")]
[Authorize]
public IActionResult Get()
{
}

4. Issue new keys

Keys can be generated using the DataProtectedAPIKeyGenerator, which is added automatically to your ServiceProvider by calling AddWivuuDataProtectedAPIKeySchema.

// Generate a new key
var generator = serviceProvider.GetRequiredService<DataProtectedAPIKeyGenerator>();
var userId = Guid.NewGuid();
var key = new DefaultUserIdKey<Guid>(userId);

// Generates a protected API key string, optionally make it temporary.
var encryptedKeyIndefinite = generator.ProtectKey(key);
var encryptedKeyTemporary = generator.ProtectKey(key, TimeSpan.FromDays(30));

// Either of these keys can now be used in the x-api-key header to re-validate this user
Product Compatible and additional computed target framework versions.
.NET net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.1 486 12/23/2022
1.0.0 205 12/23/2022