I have an app that makes request to a wcf service. Usually I authenticate all of the requests using a hash value that is sent in the body of the request and then authenticated on the server. All most all of the request are sent via json and it is easy for me to add the hash value to the body of the request. The issue I am facing is that when I send a file stream I cannot add the hash to the body of the request so I am wondering how I can authenticate that the request came from my app and not from some where else. All suggestions are greatly appreciated.
Asked
Active
Viewed 69 times
0
-
1Have you considered a header with the hash in it? If it does not have it, or is incorrect, reject it. Edit: wording. – Yordan Lyubenov Jan 14 '14 at 15:26
-
I have not, but I don't know how to implement that, that sounds like what I'm looking. Suggestions or links to examples? – KBusc Jan 14 '14 at 15:32
-
thanks thats what I wanted. Is that secure, is there any way for someone to read the headers of the request? – KBusc Jan 14 '14 at 15:50
-
[This](http://allen-conway-dotnet.blogspot.com/2012/07/using-basic-authentication-in-rest.html) is what I was getting at. Otherwise, you can check also [this](http://allen-conway-dotnet.blogspot.com/2012/06/restful-services-authenticating-clients.html) link, since it was a long time ago when I read those. Second comment: I am not so good in that department, I guess open another question about that. AFAIK it is good enough, yet I might be very wrong. – Yordan Lyubenov Jan 14 '14 at 15:51
-
also feel free to create an answer if you want the reputation points. – KBusc Jan 14 '14 at 16:06
1 Answers
1
Adding an authorization item in the header is a possible solution. So, if anyone is interested, read this and this.
Yordan Lyubenov
- 191
- 10