Yes, you can do this by adding this to the headers on the client:
var client = new HttpClient();
client.DefaultRequestHeaders.Add("X-ZUMO-APPLICATION", "[my key]");
Force the service to think it's hosted so that it enables Authentication.
(in App_Start/WebApiConfig.cs: config.SetIsHosted(true);
Add the application key and master key to the web.config:
<add key="MS_MasterKey" value="[your master key]" />
<add key="MS_ApplicationKey" value="[your app key]" />
Without #1, the authentication across the service will be completely ignored, and therefore you don't know if how you've added authentication in the client is working.
Without #2, you can add the key to the client (that you get from Azure) all you want, but it will always return 401. This may be the answer to the second question posted about using the MobileServiceClient always returning 401.
Lastly, there are three different headers you can use in total. You use each one with each different level of authorization. From this MSDN doc:
- X-ZUMO-APPLICATION -The application key of the mobile service. You must specify a valid application key when required to access the table operation. This is the default table operation access permission.
- X-ZUMO-AUTH - The service-generated authentication token for an authenticated user. You must specify a token for an authenticated user when required to access the table operation.
- X-ZUMO-MASTER - The service master key. You should only include this key when administrator access is required to access the table operation.