In a client-server application how can the server know that a request comes from a genuine application and not from a tampered copy of it? I still haven't developed neither the client nor the server application. The solution may be plain socket, wcf, IIS hosted or whatever.
There really isn't a way. Anything you could ask for the app to provide, a rogue app could spoof. Ultimately the answer is that you shouldn't trust any client application. You can trust users provided they've authenticated, but the client itself is 100% untrustworthy.
To illustrate this completely, I could run all of the traffic through a proxy server and inject/remove messages at will. Then you've got a legitimate client with spurious messages.
Now if you're talking about a library that you plan on using on a client, making sure it hasn't been tampered with, that's what strong naming assemblies is for. But that wouldn't help you over the wire.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With