API Key Authentication With FastEndpoints + Swagger

ApiKeyAuth.cs

sealed class ApikeyAuth(IOptionsMonitor<AuthenticationSchemeOptions> options,
                        ILoggerFactory logger,
                        UrlEncoder encoder,
                        IConfiguration config)
    : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
    internal const string SchemeName = "ApiKey";
    internal const string HeaderName = "x-api-key";
    readonly string _apiKey = config["Auth:ApiKey"] ?? throw new InvalidOperationException("Api key not set in appsettings.json");

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        Request.Headers.TryGetValue(HeaderName, out var extractedApiKey);

        if (!IsPublicEndpoint() && !extractedApiKey.Equals(_apiKey))
            return Task.FromResult(AuthenticateResult.Fail("Invalid API credentials!"));

        var identity = new ClaimsIdentity(
            claims: new[] { new Claim("ClientID", "Default") },
            authenticationType: Scheme.Name);
        var principal = new GenericPrincipal(identity, roles: null);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);

        return Task.FromResult(AuthenticateResult.Success(ticket));
    }

    bool IsPublicEndpoint()
        => Context.GetEndpoint()?.Metadata.OfType<AllowAnonymousAttribute>().Any() is null or true;
}

Endpoint.cs

sealed class Endpoint : EndpointWithoutRequest
{
    public override void Configure()
    {
        Get("/protected");
    }

    public override async Task HandleAsync(CancellationToken ct)
    {
        await Send.OkAsync("you are authorized!");
    }
}

Program.cs

using FastEndpoints;
using FastEndpoints.Swagger;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using NSwag;
using System.Security.Claims;
using System.Security.Principal;
using System.Text.Encodings.Web;

var bld = WebApplication.CreateBuilder();
bld.Services
   .AddFastEndpoints()
   .AddAuthorization()
   .AddAuthentication(ApikeyAuth.SchemeName)
   .AddScheme<AuthenticationSchemeOptions, ApikeyAuth>(ApikeyAuth.SchemeName, null);
bld.Services
   .SwaggerDocument(o =>
   {
       o.EnableJWTBearerAuth = false;
       o.DocumentSettings = s =>
       {
           s.AddAuth(ApikeyAuth.SchemeName, new()
           {
               Name = ApikeyAuth.HeaderName,
               In = OpenApiSecurityApiKeyLocation.Header,
               Type = OpenApiSecuritySchemeType.ApiKey,
           });
       };
   });

var app = bld.Build();
app.UseAuthentication()
   .UseAuthorization()
   .UseFastEndpoints()
   .UseSwaggerGen();
app.Run();

@rhyek oops sorry! corrected now. cheers mate!

I don't have the option of calling bld.Services.SwaggerDocument() - what version is this?

I'm using .NET 8.0.102 w/ the following:

<PackageReference Include="FastEndpoints" Version="5.23.0" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.2"/>
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />

I don't have the option of calling bld.Services.SwaggerDocument() - what version is this?

I'm using .NET 8.0.102 w/ the following:

<PackageReference Include="FastEndpoints" Version="5.23.0" />
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.2"/>
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />

nvm, I was missing the FastEndpoints.Swagger reference:

<PackageReference Include="FastEndpoints.Swagger" Version="5.23.0" />

work like a charm ;)

working Thanks.

This worked great, thanks for posting it :)