I am using AngularJs version with ASP Core but I want to know if I can secure the API with API Key and Secrete. Currently, it seems that whoever is having a user account with me and know API names can call and use the api. I prefer to have another security layer like other popular plateforms which APIs are secured by Key and Secrete or something similiar.
I tried to turn on Identity Sever but it seems that whether it is on or off, users can still access our existing API without needing to go through Identity Server.
Please let me know how we can acheive this security.
Yes, this is not supported at the moment, see the related feature request https://github.com/aspnetzero/aspnet-zero-core/issues/1728