"Bob" <Bo*@discussions.microsoft.comwrote in message
news:D0**********************************@microsof t.com...
Ok. It's secure - If the web service would tell me, I wouldn't need to go
modify the 6 or so apps that are calling it.
I asked if it needs to be secure so I would know how bad it would be if a
calling application pretended to be some other calling application.
At any rate, in general, the recipient of a TCP/IP message doesn't know
_who_ called it. It only knows the sending IP address and port. HTTP doesn't
add any automatic determination of client identity to TCP/IP, so there is
none - at least not automatically. There are several methods you could use
to cause the clients to identify themselves, but none are automatic.
One method would be for the client to pass a certificate to the server. The
server could validate the certificate and then know with some certainty who
was calling.
Another method would be for the client to send a username and password, and
it would be known, with somewhat less certainty, who was calling.
--
John Saunders [MVP]