The last time i wrote a WebApi it was a solution with multiple Accounts and Users. I used EF and MSSQL with JWT Tokens. Now i have another situtation. I have a WebApi what will be called from another program, and just this one. To use EF and Database, feels me overkilled. Is there any possibility to set just one acoount/user (maybe hardcoded) to use the API?
I googled around, sadly nothing found.
You don't need a user, but an API authentication/authorization method, for example :
1. Using API key
The client can send an API key in the headers of the request that you check from server-side. This can either be hard-coded in the server, or do a DB lookup for the key in a simple schema.
Using the DB you can have more context about the owner of the key and add/remove them dynamically.\
Here is a sample (it uses the Phoesion Glow framework but it's the same with asp.net) and this is the auth middleware part
2. Using JWT
You don't need users/identity-server etc to use JWT, you can generate a token using symmetric encryption with all the claims you want your token to contain.
(with a little more work you can also use asymmetric encryption to sign the tokens and give them to other api consumers) \
Here is a sample using this method
3. Using HMAC
You can use encryption and hashing to verify that the request coming from the client are valid. In this method you hash the contents and sign them with a key, then send the signature in the headers of the request
More about HMAC here and here (azure-specific)
( Disclaimer : The samples I mention above are written by me, because I am a developer of Phoesion Glow )