Most public web services use API Keys as a means to control access. This provides you with a way to revoke the key of a malicious or malfunctioning application that is causing problems with your service.
Implementing API Keys
Callers that want to invoke your service will need an API key. You will have to create a mechanism for issuing and revoking, storing and retrieving API keys.
Modifying this template
Modify the APIKeyRepository class to obtain the keys from your store. This example retrieves keys from App_Data/APIKeys.xml
For enhanced scalability consider caching the key list using the local cache or Windows Server AppFabric caching for distributed caching across a web farm
Modify the HTML response returned when an API Key fails validation - the HTML returned is defined as the constantAPIKeyAuthorization.APIErrorHTML