How to restrict web service to Windows Phone 7 device?

Hello I wanted to request api keys (client ids, application ids, etc) from a web service under a .NET web application that I created. The thing is I need to make this web service secure, in other words only the downloaded app on wp7 should be able to request this web service. Is there some kind of device specific string that I can authenticate against to make sure a WP7 dev开发者_如何学编程ice is calling this?

The reason I am doing this is in case the key ever gets compromised, I can change it from within my web application without having to update the app on every single device the app was downloaded to.

Does anyone have suggestions on how to go about this?

Any device specific string can be spoofed and WP7 doesn't have a secure storage method today. A common scheme is to return an authentication token from an https login method that is then stored on the device as an encrypted stream. Realize that the decryption key and string are both on the device and could be decrypted if the device is compromised. You can also then expire the authentication tokens server-side whenever you need to and the tokens can expire after a certain time.