开发者

Pattern for verifying authenticity of a request to WCF service

开发者 https://www.devze.com 2023-01-01 20:36 出处:网络
I have a client app that makes calls to a WCF service. This app is on a public computer that\'s easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and sta

I have a client app that makes calls to a WCF service. This app is on a public computer that's easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and start using it.

Is there a pattern where I can check if the request is coming only from an app on a computer I installed it on and not on one it has been copied to?

开发者_JAVA技巧

Thanks in advance.

EDIT: I have thought of using the MAC address of the computer but not sure how reliable/easily hacked that would be. This is a financial product so the authentication needs to be very very tight.


You could e.g. define a list of valid IP addresses where you installed your stuff on, and then apply a IP filter to only allow calls from those authorized IP's.

See:

  • WCF Behavior Example - IPFilter
  • Detect client IP in WCF 3.5
0

精彩评论

暂无评论...
验证码 换一张
取 消