Bing Maps WPF Beta Control : Hide credential from snoop

Question

Hi,

We bought a Bing map key and we plan to used it with the Wpf control. I realize than I can snoop the "CredentialsProvider" property of the Map control and read the ApplicationId (Witch is the actual key string). Is there a way to prevent this?

Answer 1

Right now there is no way to hide the keys, which is same as Ajax controls as well! Since keys can be obtained from bing portal site, they do not expose much harm. Any illegal use can be tracked through the key usage from bingmapportal site.

---

MSFT
Hemant Goyal

Answer 2

In my case, I successfully hide the key to the trivial curious without creating any bug.

But how somebody could get my key on the bing portal?

 

//Created a super class of ApplicationIdCredentialsProvider and override ApplicationId
public class HiddenCredentials:ApplicationIdCredentialsProvider
{
    public HiddenCredentials(string applicationId): base(applicationId){ }

    public new string ApplicationId
    {
        get
        { 
            return "Curiosity is a virtue.";
        }
        set
        {
            base.ApplicationId = value;
            OnPropertyChanged("ApplicationId");
        }
    }
}    

//Then set the credentials provider manually in the code
public class MyUserControl : UserControl
{
    public MyUserControl()
    {
        InitializeComponent();
    }
    private void UserControl_Initialized(object sender, EventArgs e)
    {
        myMap.CredentialsProvider = new HiddenCredentials("mykey");
    }
}

 

Answer 3

I meant, since users can get new key from bing maps portal easily, there are very less chances that any body can use your key.

Also, you can view the usuge of your key from bing portal site.

---

MSFT
Hemant Goyal

Answer 4

What I'm trying to prevent is for others to use MY key. Yes, keys are easily available, but the developer keys are only valid for 90 days; after that they are limited. If I'm using my key alongside a purchased licence for Bing Maps Geocoding and Imagery services, it seems to me the smart thing to do would be to hide that key so that someone else does'nt use it in their application, consuming MY transactions and sesssions.