ASP.NET Core with optional authentication/authorization

Question

I want to build an ASP.NET Core based WebApi for accessing data from a database. This WebApi could be used in two ways, either as a public WebApi which would need authentica

Answer 1

I would recommend to authenticate both applications: web application and the Web API one. You will have everything secured. For skipping an authentication that is not a good idea. Simply create an user for your web application (in the Web API application) which will be used to authenticate when getting data from the Web API.