Support for Cookies and API Keys in ASP.NET Web API
I have a full set of (ASP.NET) web APIs developed in .NET 5.0 and implemented Cookies authentication scheme.
After successful authentication (user id and password) with Azure AD, cookie is generated and stores user permissions etc.
Now, we would like to expose the same set of APIs to a third party consumer using API Keys (no cookies here, api key in the request header).
I have seen articles to implement only API Keys in the solution. But what is the approach to implement API Key support to the existing working solution using cookies?
Need to add second authentication scheme in Startup.cs?
How does the .NET pipeline differentiate the request coming with cookies or API Key?
Any direction and references is appreciated.