We wanted to follow recommendation from http://omaralzabir.com/best_practices_for_creating_websites_in_iis_6_0/ to
“add “From” header and set the server name. I do this on each webserver and specify different names on each box. It’s handy to see from which servers requests are being served. When you are trying to troubleshoot load balancing issues, it comes handy to see if a particular server is sending requests”
However one of the client of our rest service reported that From value in the response header is not valid and causing the .net HttpClient to throw an exception.
Innermost Message: The header cannot be added. Make sure to add request headers to HttpRequestMessage, response headers to HttpResponseMessage, and content headers to HttpContent objects.
Innermost Source: Microsoft.Net.Http
Innermost StackTrace: at System.Net.Http.Headers.HttpHeaders.CheckHeaderName(String name)
at System.Net.Http.Headers.HttpHeaders.AddWithoutValidation(String name, String value)
at System.Net.Http.HttpClientChannel.AddHeaderValues(WebHeaderCollection source, Int32 index, String header, HttpHeaders destination)
at System.Net.Http.HttpClientChannel.CreateResponseMessage(HttpWebResponse webResponse, HttpRequestMessage request)
at System.Net.Http.HttpClientChannel.GetResponseCallback(IAsyncResult ar)
HTTP/1.1 200 OK
Date: Fri, 09 Mar 2012 07:29:25 GMT
According to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
The From request-header field, if given, SHOULD contain an Internet e-mail address for the human user who controls the requesting user agent. The address SHOULD be machine-usable, as defined by “mailbox” in RFC 822  as updated by RFC 1123 :
From = “From” “:” mailbox
An example is: From: firstname.lastname@example.org
This header field MAY be used for logging purposes and as a means for identifying the source of invalid or unwanted requests. It SHOULD NOT be used as an insecure form of access protection. The interpretation of this field is that the request is being performed on behalf of the person given, who accepts responsibility for the method performed. In particular, robot agents SHOULD include this header so that the person responsible for running the robot can be contacted if problems occur on the receiving end.
Actually standard doesn’t specify From as expected RESPONSE header(only as request).
however we should rename the custom header to something else to avoid conflicts, e.g.