How to hide the client id and secret code for translator service in a .Net desktop app? RRS feed

  • Question

  • I want to add the translation service to my open source .Net desktop application.

    How can I achieve to not expose the client id and secret code?

    - It's open source, so everyone can see the source code.

    - It's .Net, so everyone can decompile the binaries and read the code to find the secret.

    - It's a desktop app, so anyone could use the binaries and call the translate method, even without explicitly knowing the secret.

    How can I use the translation service in a desktop app without violating the license terms?

    Wednesday, July 17, 2013 7:20 AM

All replies

  • Tom - perhaps a good way to do this (for open source apps at least) is to have a config file where these elements reside, and you don't make yours available when you make the source code public. To be 100% secure (esp against the binary decompiling methods) you could run a server that fetches the tokens (so you keep the client id and secret safe in the cloud) and sends the tokens back to the app.

    Neither of these options might be ideal in your situation. We are continuing to work towards other means of securing the credentials in these types of situations. Would love to hear from you about how you would like us to handle this - email us at mtcont@microsoft.com with your suggestions.

    Vikram Dendi, Director of Product Management
    Microsoft Translator

    Tuesday, August 13, 2013 8:41 PM