Hello,

I need to implement authentication in my client application against my server application. I don't want users to enter any kind of credentials and I don't want to hard-code any password.

The purpose is to prevent other people/applications from stealing data from the server.

What is the best way to achieve this?

A: 

I suppose that you don't want to use any hardware devices, such as smart-card reader, fingerprint reader or token generator.

If you use server-side generated unique identifiers, such as GUIDs, you need a way to distribute them to clients to be sure that the client is OK. In that case you will keep track of the issued GUIDs and use them to authenticate a client. Or you can accept client-side generated identifiers using a known algorithm based on the facts that are provided during the registration process (name, address, email address, etc.).

In both cases, you have to keep the key/facts on the client machine, which is another problem.

Nenad

I could stamp every copy of the application with a GUID, but that would mean the GUID is retrievable from the application.

Kugel
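One way to realise the server-issued-identifier approach from the answer while sidestepping the point Kugel raises, as an added example that is not part of this thread: the server issues a GUID and a random secret per installation at registration time (so nothing is stamped into the binary), keeps a record of the issued GUIDs, and authenticates the client with an HMAC over a one-time nonce instead of having the secret sent across. The secret still has to live on the client machine after registration, which is exactly the caveat in the answer; all class and function names here are assumed.

```python
# Added example (not from the thread, names assumed): per-installation GUID +
# secret issued at registration; HMAC challenge-response so the secret is never sent.
import hashlib
import hmac
import os
import uuid

class Server:
    def __init__(self):
        self.registry = {}    # issued GUID -> secret (server must hold the HMAC key)
        self.challenges = {}  # GUID -> outstanding one-time nonce

    def register(self):
        """Issue a fresh GUID and random secret to a new installation."""
        client_id = str(uuid.uuid4())
        secret = os.urandom(32)
        self.registry[client_id] = secret
        return client_id, secret

    def challenge(self, client_id):
        """Hand a known client a one-time nonce; unknown GUIDs get nothing."""
        if client_id not in self.registry:
            return None
        nonce = os.urandom(16)
        self.challenges[client_id] = nonce
        return nonce

    def verify(self, client_id, response):
        """Check the client's HMAC over the nonce; the nonce is consumed."""
        nonce = self.challenges.pop(client_id, None)
        secret = self.registry.get(client_id)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(secret, nonce):
    """Client side: prove possession of the stored secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def demo():
    # Returns (genuine_ok, replay_accepted, unknown_refused, wrong_secret_accepted).
    server = Server()
    client_id, secret = server.register()
    nonce = server.challenge(client_id)
    ok = server.verify(client_id, client_response(secret, nonce))
    replay = server.verify(client_id, client_response(secret, nonce))  # nonce used up
    unknown = server.challenge(str(uuid.uuid4())) is None
    wrong = server.verify(client_id, client_response(os.urandom(32), server.challenge(client_id)))
    return ok, replay, unknown, wrong
```

A captured response cannot be replayed because each nonce is consumed on first use, and a copied GUID without its secret is refused; what the scheme cannot do is protect the secret from someone who already controls the client machine.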