locked
Bing Maps WPF Beta Control : Hide credential from snoop

    Question

  • Hi,

    We bought a Bing map key and we plan to used it with the Wpf control. I realize than I can snoop the "CredentialsProvider" property of the Map control and read the ApplicationId (Witch is the actual key string). Is there a way to prevent this?

    Tuesday, November 22, 2011 9:05 PM

Answers

  • In my case, I successfully hide the key to the trivial curious without creating any bug.

    But how somebody could get my key on the bing portal?

     

    //Created a super class of ApplicationIdCredentialsProvider and override ApplicationId
    public class HiddenCredentials:ApplicationIdCredentialsProvider
    {
        public HiddenCredentials(string applicationId): base(applicationId){ }
    
        public new string ApplicationId
        {
            get
            { 
                return "Curiosity is a virtue.";
            }
            set
            {
                base.ApplicationId = value;
                OnPropertyChanged("ApplicationId");
            }
        }
    }    
    
    //Then set the credentials provider manually in the code
    public class MyUserControl : UserControl
    {
        public MyUserControl()
        {
            InitializeComponent();
        }
        private void UserControl_Initialized(object sender, EventArgs e)
        {
            myMap.CredentialsProvider = new HiddenCredentials("mykey");
        }
    }
    
    


     

    Wednesday, November 23, 2011 3:08 PM

All replies

  • Right now there is no way to hide the keys, which is same as Ajax controls as well! Since keys can be obtained from bing portal site, they do not expose much harm. Any illegal use can be tracked through the key usage from bingmapportal site.
    MSFT
    Hemant Goyal
    Wednesday, November 23, 2011 5:12 AM
  • In my case, I successfully hide the key to the trivial curious without creating any bug.

    But how somebody could get my key on the bing portal?

     

    //Created a super class of ApplicationIdCredentialsProvider and override ApplicationId
    public class HiddenCredentials:ApplicationIdCredentialsProvider
    {
        public HiddenCredentials(string applicationId): base(applicationId){ }
    
        public new string ApplicationId
        {
            get
            { 
                return "Curiosity is a virtue.";
            }
            set
            {
                base.ApplicationId = value;
                OnPropertyChanged("ApplicationId");
            }
        }
    }    
    
    //Then set the credentials provider manually in the code
    public class MyUserControl : UserControl
    {
        public MyUserControl()
        {
            InitializeComponent();
        }
        private void UserControl_Initialized(object sender, EventArgs e)
        {
            myMap.CredentialsProvider = new HiddenCredentials("mykey");
        }
    }
    
    


     

    Wednesday, November 23, 2011 3:08 PM
  • I meant, since users can get new key from bing maps portal easily, there are very less chances that any body can use your key.

    Also, you can view the usuge of your key from bing portal site.


    MSFT
    Hemant Goyal
    Wednesday, November 23, 2011 5:49 PM
  • What I'm trying to prevent is for others to use MY key. Yes, keys are easily available, but the developer keys are only valid for 90 days; after that they are limited. If I'm using my key alongside a purchased licence for Bing Maps Geocoding and Imagery services, it seems to me the smart thing to do would be to hide that key so that someone else does'nt use it in their application, consuming MY transactions and sesssions.
    Friday, November 25, 2011 1:24 PM