I'm building a website that allows each person in my office to access the page only from their own PC at the office. It looks like I need to identify a client from within the code on the ASP.NET web server. How can I do this? Please help!

+2  A: 

This is going to be tough if it needs to be watertight.

Ideas:

  • Maybe easiest: If the computers all have fixed LAN IPs, maintain a table of IPs and users. Allow users to log in from "their" IP only.

  • Use a cookie to tie a computer to a user. Create a "connect this computer to my user account" page. That page sets a cookie that lasts forever on the user's computer. The cookie contains an ID that is associated with a user name on your server's end. This requires the trust that the user is actually on their computer at the time of "connecting", but you wouldn't have to do any work on their computer directly.

  • If your colleagues are confined to using one browser, see whether you can use that browser's user agent and inject some unique value. This can be done for Internet Explorer by modifying a registry value IIRC. This would require you to access each computer individually.

  • Install a small service on each user's computer that sends back a pre-defined ID code when connected to. The ID identifies the computer the user is accessing the site from. This would require you to access each computer individually.

  • Re your comment: Totally crazy idea: Write a script that logs into the network router, parses the "DHCP clients" table, thus finding out which MAC address has which IP address. Not a quick job and not a clean solution but, if the router has a web interface, it might be possible. Of course, you may have to adjust your script when the router gets a software update.

None of this will be reliable enough to protect against criminal activity, but should do to identify a computer under normal circumstances.

Pekka
Although I can't speak for the OP, 5th idea seems viable. I was going to suggest ActiveX, but that won't work on non-IE browsers.
Vivek Bernard
@Vivek Bernard: Did you mean the 3rd idea of Pekka?
Nam Gi VU
@Nam sorry, I deleted one because it was moot. @Vivek meant what is now the fourth one.
Pekka
@Pekka: The network is setting dynamic IPs for the PCs. We really wouldn't want to set up anything on the client :)
Nam Gi VU
@Nam hmm, then the only option left is a cookie I think! There is no generic unique machine ID that gets sent automatically alongside an HTTP request (luckily, it would be a privacy nightmare), although you could look at the request headers to see whether the MAC address of the client's network card gets sent along, it being the local network.
Pekka
@Nam I added an additional, crazy idea to my answer.
Pekka
@Pekka: In your idea about using a cookie, a person can move cookies from a PC to another - which doesn't meet my need.
Nam Gi VU
@Nam that requires malicious activity, though. Getting security on that level is tough. What if a user's computer breaks down and they need to use another? Is implementing a classical login system totally out of the question?
Pekka
@Pekka: Your idea about reading the 'DHCP client' table is brilliant ^_^ Crazy indeed but brilliant! I'll try that way. It's so nice to discuss with you!
Nam Gi VU
@Pekka: If the PC breaks down, the user needs to ask us to reset his account so that he can restart on a new PC. About the classical login, we cannot bind a user to a specific PC, Pekka. I love your crazy idea above!
Nam Gi VU
@Nam okay! :) A cleaner alternative would be to have a server in the office do the DHCP instead of the router, a server that has an API to query the clients' MAC addresses from. But that would be a lot of IT hassle so the router idea might just be the most elegant one. I'd be interested to hear whether it worked out that way!
Pekka
A: 

Assumption:

Computers in the network are assigned static IP addresses.

Possible Solution:

Associate each IP with each specific user.

Each time a user tries to log in to the service, ask for their credentials, i.e. username and password, and check if those credentials match the IP address associated with the username and password stored in the db. Just a thought!

ultrajohn
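
The user-to-machine check from the second answer, combined with the DHCP-table lookup from the first so that it works with dynamic IPs, as an added example that is not part of either answer. It assumes the router's client table can be exported as whitespace-separated "IP MAC hostname" lines; the class and method names, the table format and all addresses are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration; lease-table format, names and addresses are constructed.
public static class MachineBinding
{
    // Parse "IP MAC hostname" lines (assumed export of the router's DHCP clients table).
    public static Dictionary<string, string> ParseLeases(string table)
    {
        var leases = new Dictionary<string, string>();
        foreach (var line in table.Split('\n'))
        {
            var f = line.Split(new[] { ' ', '\t', '\r' }, StringSplitOptions.RemoveEmptyEntries);
            if (f.Length < 2 || f[0].StartsWith("#")) continue; // skip blanks and comments
            leases[f[0]] = NormalizeMac(f[1]);
        }
        return leases;
    }

    // Canonical form: hex digits only, upper case, so "00-1a-.." equals "00:1A:..".
    public static string NormalizeMac(string mac) =>
        new string(mac.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();

    // Call only after the username/password check has succeeded.
    // remoteIp must be the TCP peer address (Request.UserHostAddress in ASP.NET),
    // never a client-supplied header such as X-Forwarded-For.
    public static bool IsFromRegisteredPc(string user, string remoteIp,
        IDictionary<string, string> leases, IDictionary<string, string> userToMac)
    {
        // Fail closed: an unknown user or an IP with no current lease is rejected.
        return userToMac.TryGetValue(user, out var expected)
            && leases.TryGetValue(remoteIp, out var seen)
            && seen.Length == 12
            && seen == NormalizeMac(expected);
    }

    public static void Main()
    {
        const string table = "# ip mac host\n192.168.1.23 00:1a:2b:3c:4d:5e PC-ALICE\n"
                           + "192.168.1.24 00-1A-2B-3C-4D-5F PC-BOB\n";
        var leases = ParseLeases(table);
        var users = new Dictionary<string, string>
            { ["alice"] = "00:1A:2B:3C:4D:5E", ["bob"] = "00:1A:2B:3C:4D:5F" };
        Console.WriteLine(IsFromRegisteredPc("alice", "192.168.1.23", leases, users)); // own PC
        Console.WriteLine(IsFromRegisteredPc("alice", "192.168.1.24", leases, users)); // Bob's PC
        Console.WriteLine(IsFromRegisteredPc("bob", "192.168.1.99", leases, users));   // no lease
    }
}
```

A MAC address is reported by the client itself, so this check identifies a PC under normal circumstances only, which is the limit the first answer states for all of these ideas.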