I am creating a client program that communicates with the WCF service through the Internet. Everything works with purpose, but I am wondering how can I protect my services so that only my client can use it?
Now with the right URL for my services, everyone can use it with WCFTestClient (for example).
What is the best way to make private so that only my client can use the service? Waving token wire? certificate? password?
I do not know and got nothing useful on the internet.
Best Relationship
Update: The intention of downloading a client program is for the public (all) so it is not for internal use, it will be a service that we provide , Are in official production.
My own thinking was the same: Tie the certificate in my client programs (even if possible?). Check the valid certificate, where the WCF service is running on IIS. Is this possible? Or better solution?
with other answers, which is not bad, and if you If you want to be super careful then you can apply a token system, where the client gets the first token from you, each request gives a new token, and you always check a customer by creating the current token (but this is my Be careful in opinion)
Update - because it is for the public, to check the client on the server. There may be a way to create a valid token for you, you can get a token valid for one intervals for a second, even if people caught the request and found the token, after this .. 15 seconds or 30, etc. Will not be valid
No comments:
Post a Comment