Differentiating requests from client and other services

Question

We have a 3 tier application - winform based thick client, several WCF services hosted in windows services and sql. Some WCF services provide functionalities specific to UI in the clients but there are services running to do data loading, processing, caching etc. So, all these services talk to each other and also serve requests from clients.

Now comes the actual question : Is there a way to understand if a request is from a client or from another service. Assuming I write a message inspector, can I somehow interpret, if a request is coming through from a client (user) or from another service.

What I am trying to achieve - This is in another thread if you need. stopping user requests to wcf services. But briefly, am trying to keep the services locked from user access but the services should continue to run and be accessible to/from other services.

Do you think this is likely to be a big problem? Will the users really want to call the services you don't want them to call? — John Saunders, Jul 04 '11 at 19:48
Please see the link in the question for explanation of the scenario. — Everything Matters, Jul 05 '11 at 08:46
the other question is about stopping all requests - not all of the requests from "users" as opposed to those from other services. — John Saunders, Jul 05 '11 at 13:00

score 2 · Accepted Answer · answered Jul 04 '11 at 19:41

2

Is there a way to understand if a request is from a client or from another service. Assuming I write a message inspector, can I somehow interpret, if a request is coming through from a client (user) or from another service.

That is a task for authentication and authorization. Your clients will have accounts in Clients group and your services will have accounts in Services group. You will also probably need some custom ServiceAuthorizationManager which will check if clients are allowed to access the service and either pass them in or throw exception.

answered Jul 04 '11 at 19:41

Ladislav Mrnka

360,892
59
660
670

No. The scenario here is different. It is totally not related with authorization. Refer to the link for some explanation on the scenario. Hopefully it helps. – Everything Matters Jul 05 '11 at 08:47
1

I read that link and it doesn't matter. You want to know if the request is from service or client - you want authentication. You want to deny the client to access the service - you want authorization. Call it as you want but that is what you need. You will either use built in stuff or you will add some magic field to each request and you will do it manually. Or you will have separate service for clients and for services and you will simply stop the host for client service if you need to. – Ladislav Mrnka Jul 05 '11 at 08:53
Yes, that seemed to help. looking through this to see how to implement what I need in here. Thank you. – Everything Matters Jul 07 '11 at 08:52

Differentiating requests from client and other services

1 Answers1