Home  /  Questions  /  Question



50   50
Jan 09, 2012


RequestBase.ClientTag

What would be proper documentation to RequestBase.ClientTag? Currently, it seems to be copy-pasted from AccessToken.

In what scenarios can you recommend to use it? What options could be used if WCF is available via non-secured http?

/// <summary>      

/// Each web service request carries a security token as an extra level of security.

/// Tokens are issued when users are coming online. They can expire if necessary.

/// Google.com and Amazon.com uses this in their API.

/// </summary>

[

DataMember]

public string ClientTag;







50   50
Jan 11, 2012
Hi,
Probably if using a non-secure WCF service you could implement some sort of API key like how google does with its maps. This could then be used to manage access etc? Does that help?

50   50
Jan 11, 2012
Not much. Do you have a link for such implementation details?

Anyway, I'd like to hear the purpose of ClientTag from the framework authors. Note that ClientTag is never mentioned in Patterns In Action 4.0.pdf.

50   50
Jan 11, 2012
Here is an interesting link that may help more. As for the ClientTag I can not really help as I do not have the framework documetation.

anyway hope this helps.

http://blogs.msdn.com/b/rjacobs/archive/2010/06/14/how-to-do-api-key-verification-for-rest-services-in-net-4.aspx

50   50
Jan 11, 2012
Interesting, thanks. Sounds like APIKey is a pre-defined parameter known to both server and client and used to validate the request on the server-side. Most likely ClientTag serves as APIKey. However, this approach does not seem to be secure as APIKey / ClientTag could be intercepted very easily (but anyway it's better than nothing). So that's why I asked about ClientTag purpose and scenarios to use it.