views:

28

answers:

1

I want to allow access to a WCF service to only those requests that contain a developer key. This is similiar to how the Google Maps API works. Register for a developer key and include that key in your requests.

Anyone can get a key. How you get a key is undecided but is being discussed. For now, we'll email you a key.

The service is up and running so I will be adding this on. I just need to know what I'm looking for so I can figure out what I need to do. Makes sense, right?!?!

What is this scheme called? What should I search for? Any suggested links / books / whitepapers?

A: 

You would typically send something like this as a header in each message. The easiest way to do this in WCF is to create a message inspector, which can stick the key into the SOAP headers of the WCF message for each outgoing request.

See Pablo Pialorsi's great blog post Writing a WCF Message Inspector to see how its done. Or check out this CodeProject article which shows how to automatically flow the client's culture info to the server.

On the server side, you would then have to extract that API key from the SOAP headers (there's also a server-side implementation of message inspectors) and validate it against some repository / store and either allow the call to proceed, or throw a SOAP fault "unauthorized access" or something back at the caller.

marc_s