This is the .NET version of how to strengthen the security of your Forge Viewing Application by using a proxy to avoid passing a token to the client JavaScript code.

View your viewable data with viewables:read scope, the application will only be able to read the end user’s viewable data (e.g., PNG and SVF files) within the Autodesk ecosystem.

All Forge webservice API calls will require a scoped Access Token from May 22nd 2017.

Learn how to secure your Forge Viewing Application behind a proxy

What if you want to develop a desktop application that directly connects to Forge servers?
You want just to compile my app and distribute the binary to my customers, and don't want to waste your time with maintaining a server.
No other services, no proxy, just directly calling the Forge endpoints.
How the Forge related secrets could be secured in this case? What are the best practices and what other challenges await us ahead?

Start from the right foot by landing your Forge OAuth workflow!