I know someone has to have answered this question but I cannot find it anywhere.
When other web applications connect to my web services, I need to be able to
retrieve information that will uniquely identify the application making the
request (not the individual PC, as we have 1000s of users and it would be
impossible to track).

The issue is we grant access to our web services to other web applications
written by 3rd party developers. But even with usernames and passwords, there
is no way to prevent one 3rd party developer from sharing their passwords
with another 3rd party without our knowledge.

I need a way to uniquely identify the application caller that cannot be
modified by simply changing a web config entry or a string of some sort. Something in
the headers maybe, but I don't see anything other than those of the web
service itself.

I wanted to use the UrlReferrer so that, for example:
if we gave Microsoft.com a username and password to use on their sites to
access our web services and they shared it with Apple, it still would not
work for Apple b/c my web service knows that user/pass combination belongs to
the MS URL and should only accept requests as such. In theory, if such a
piece of information exists and is readable by a web service, you would need
to issue usernames and passwords b/c the WS could figure out on the call what
the application is.

Any help appreciated
--
JP
.NET Software Developer