Untitled

a guest
Mar 3rd, 2015
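using System.Net.Http;

// Send the current logged-on user's credentials with each request.
// Client is a field or property declared elsewhere.
HttpClientHandler handler = new HttpClientHandler
{
    UseDefaultCredentials = true
};
Client = new HttpClient(handler);
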
1. On the client side, get the current UTC Unix timestamp and convert it to a string.
2. Append a special password (called the salt) to the end of the string.
3. Hash the result with SHA-1 and convert the digest to a string.
4. You now have two extra pieces of data: the timestamp and the resulting hash code.
5. Send the timestamp and hash code along with the request to your Web API.

1. On the server side, create a UTC Unix timestamp. Subtract it from the timestamp that was sent to you; if the difference is greater than, say, 10 minutes, reject the request.
2. Take the timestamp sent to you, add the salt to the string and hash it. If it equals the hash code the client sent, the request is still OK; otherwise reject it.
3. Search an array (or however you want to store values) for the timestamp that was sent to you. If it's not in the array, store it in the array. If it is in the array, reject the request. You should be using a timestamp down to the millisecond for all of this.
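
The client and server steps above as one C# sketch, added here as an example and not part of the original paste. It assumes .NET 6 or later; the class name, salt value and in-memory store are hypothetical, and it compares the absolute age so that future-dated timestamps are rejected as well.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

static class TimestampToken
{
    const string Salt = "constructed-shared-secret";            // placeholder, known to client and server
    static readonly TimeSpan Window = TimeSpan.FromMinutes(10); // freshness limit from the server steps
    static readonly ConcurrentDictionary<long, byte> Seen = new(); // timestamps already accepted

    // Client steps 1-3: SHA-1 over (timestamp string + salt).
    static byte[] Hash(long tsMs) =>
        SHA1.HashData(Encoding.UTF8.GetBytes(tsMs.ToString() + Salt));

    // Client steps 4-5: the two values sent along with the request.
    public static (long Ts, string Hex) Create(DateTimeOffset now)
    {
        long ts = now.ToUnixTimeMilliseconds();
        return (ts, Convert.ToHexString(Hash(ts)));
    }

    public static bool Validate(long ts, string hex, DateTimeOffset now)
    {
        // Server step 1: reject anything outside the window (either direction).
        long age = Math.Abs(now.ToUnixTimeMilliseconds() - ts);
        if (age > Window.TotalMilliseconds) return false;

        // Server step 2: recompute the hash and compare in constant time.
        byte[] sent;
        try { sent = Convert.FromHexString(hex); }
        catch (FormatException) { return false; }
        if (!CryptographicOperations.FixedTimeEquals(sent, Hash(ts))) return false;

        // Server step 3: first use wins; a second use is a replay.
        // Entries older than the window can be pruned, since step 1 rejects them anyway.
        return Seen.TryAdd(ts, 0);
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var (ts, hex) = Create(now);
        Console.WriteLine(Validate(ts, hex, now));                 // first use
        Console.WriteLine(Validate(ts, hex, now));                 // replay of the same pair
        Console.WriteLine(Validate(ts, hex, now.AddMinutes(11)));  // stale timestamp
        Console.WriteLine(Validate(ts + 1, hex, now));             // timestamp altered in transit
    }
}
```

Because the hash covers only the timestamp and the salt, it vouches for nothing else in the request; an HMAC computed over the request content is the standard construction when that matters.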