Views: 16.2K
Replies: 4
Archived
|
RequestBase.ClientTagWhat would be proper documentation to RequestBase.ClientTag? Currently, it seems to be copy-pasted from AccessToken.
In what scenarios can you recommend to use it? What options could be used if WCF is available via non-secured http?
/// <summary> /// Each web service request carries a security token as an extra level of security. /// Tokens are issued when users are coming online. They can expire if necessary. /// Google.com and Amazon.com uses this in their API. /// </summary> [ DataMember]
public string ClientTag; Michael S, Jan 09, 2012
|
|
Reply 1Interesting, thanks. Sounds like APIKey is a pre-defined parameter known to both server and client and used to validate the request on the server-side. Most likely ClientTag serves as APIKey. However, this approach does not seem to be secure as APIKey / ClientTag could be intercepted very easily (but anyway it's better than nothing). So that's why I asked about ClientTag purpose and scenarios to use it.
Michael S, Jan 11, 2012
|
|
Reply 2Here is an interesting link that may help more. As for the ClientTag I can not really help as I do not have the framework documetation.
anyway hope this helps. http://blogs.msdn.com/b/rjacobs/archive/2010/06/14/how-to-do-api-key-verification-for-rest-services-in-net-4.aspx Dan Bambling, Jan 11, 2012
|
|
Reply 3Not much. Do you have a link for such implementation details?
Anyway, I'd like to hear the purpose of ClientTag from the framework authors. Note that ClientTag is never mentioned in Patterns In Action 4.0.pdf. Michael S, Jan 11, 2012
|
|
Reply 4Hi,
Probably if using a non-secure WCF service you could implement some sort of API key like how google does with its maps. This could then be used to manage access etc? Does that help? Dan Bambling, Jan 11, 2012
|