4

I have created an Android application with C# on the server side. Following this tutorial, I am using Json web service. Everything is working well, but the only issue is if someone hits www.mydomain.com/Handler.ashx?ANDROID, then all the methods written on server side are downloaded as a text file and the code can be read easily.

What I want to do is that the server should respond only if request is being made from my android application. If someone(hacker/cracker) hits the url, then he should not be able to download the code and should be redirected to some specific page saying unauthorized access prohibited.

Can someone help me with this? Let me know if this question is not clear.

Alok Gupta
  • 1,353
  • 1
  • 13
  • 29
  • 1
    Perhaps securing you restful api: http://stackoverflow.com/questions/4817643/how-to-secure-restful-web-services – Jose Luis Feb 21 '16 at 09:20

1 Answers1

1

What you can do is to pass a key from your android app for check.

I don't know C# but in PHP it can be something like this -

In your C# file, somewhere near the top of the file, check for a key value sent with a post method. If there is no key passed or wrong key passed, redirect to some other page.

$required_key = "Udsd728392jsakk22";

if(($_POST['key'] == null) || ($_POST['key'] != $required_key)){

//redirect to some other page
header("Location: www.myexampledomain.com/error.php");

}

And from your android app, when you are sending request to the URL, send with a key.

Asutosh Panda
  • 1,463
  • 2
  • 13
  • 25