HTTP header for "Requester"

I am writing a WCF service whose purpose is to authenticate clients using a shared secret key. Each configured client will have its own unique shared key, which only the client and service are aware of. Part of this process means that the auth service should be able to look for a configured shared key for each client when they request authentication. The service uses webHttpBinding, so I would like to use an HTTP header for this, if possible.

Is there a better header for customers of this service to use than a "Referrer" header to declare their identity?

+4
1 answer

Referer is probably not a good choice, since I assume that the client will know the server URI in advance (hardcoded or from the configuration), and the standard says:

"The Referer field SHOULD NOT be sent if the Request-URI was received from a source that does not have its own URI"

I think that Authorization with a custom schema (see also RFC 2617), or a custom header such as X-Client-Id, would be a smart choice.

+3
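
The answer's first suggestion, sketched as an added example (not code from the original post): a service-side check of an `Authorization` header that carries a custom scheme, so the shared key itself never travels on the wire. The scheme name `SharedKey`, the `<client-id>:<base64 HMAC-SHA256>` layout, the signed text and the sample key are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class SharedKeyAuth
{
    // Hypothetical scheme name chosen for this example.
    const string Scheme = "SharedKey";

    // Constructed sample store: client id -> that client's shared key.
    static readonly Dictionary<string, byte[]> Keys = new Dictionary<string, byte[]>
    {
        { "client-a", Encoding.UTF8.GetBytes("constructed-sample-key-a") }
    };

    // authorization: raw header value; in WCF it can be read from
    //   WebOperationContext.Current.IncomingRequest.Headers[HttpRequestHeader.Authorization]
    // signedText: whatever client and service agreed to sign
    //   (assumed here: method, path and a timestamp).
    public static bool TryAuthenticate(string authorization, string signedText, out string clientId)
    {
        clientId = null;
        if (string.IsNullOrEmpty(authorization)) return false;

        // Expected form: "SharedKey <client-id>:<base64 HMAC-SHA256>"
        string[] parts = authorization.Split(new[] { ' ' }, 2);
        if (parts.Length != 2 || !parts[0].Equals(Scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        int sep = parts[1].IndexOf(':');
        if (sep <= 0) return false;
        string id = parts[1].Substring(0, sep);

        byte[] presented;
        try { presented = Convert.FromBase64String(parts[1].Substring(sep + 1)); }
        catch (FormatException) { return false; }

        byte[] key;
        if (!Keys.TryGetValue(id, out key)) return false; // unknown client
        byte[] expected;
        using (var hmac = new HMACSHA256(key))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(signedText));

        // The MAC length is public; the byte comparison has no early exit,
        // so timing does not reveal how many leading bytes matched.
        if (presented.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ presented[i];
        if (diff != 0) return false;
        clientId = id;
        return true;
    }
}
```

A timestamp inside the signed text only limits replay if the service also rejects stale values; that freshness check is left out of this sketch.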

Source: https://habr.com/ru/post/1383079/

