I'm trying to make a ASP.NET (C#) poll that will ask a user a Yes/No question and log that vote to the database. To prevent spam I would like to be able to make sure users can only vote once. I've thought about logging the users IP address. If this is the answer can someone give me a tutorial that shows how this can be accomplished. If this is not the answer then give me your suggestions.
Edit: I'm not asking users to register as this is not my website.
You can only garuantee that each user has one vote if you can authenticate the user. So you'll need an authentication mechanism, that will allow you to prevent the user from registering multiple accounts.
I can only see this work in an environment where the user has invested something into his account, like a subscriber for an online newspaper or a reputation system as on StackOverflow.
If you have a registered users list, send them an email containing a unique link which is generated containing a guid (for example), record the GUID in a database and match on voting.
If you are talking about generally publicly accessible and secure, then IP address on its own is not sufficient (google electronic electoral voting for the many issues involved with secure public voting).
Have you thought about using one of the free voting services?
Condorcet Internet Voting Service
EDIT: would downvoters please leave a brief comment as to why. Thanks.
Logged in sessions are the only way to prevent double-voting fraud but since you explicitly ask for a way to log the IP address, you can get at that through:
HttpContext.Current.Request.UserHostAddress;
or
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
Should be easy enough to save to DB and check if IP already exists on each poll.
If the poll isn't something "critical" (for valid research, or other) I would just log the IP. If you need the poll results for something serious, I would look into Asp.Net Membership Roles.
If you log the IP, you can simply write the IP to a text file related to that poll, and search the file for the IP everytime they try to vote. (Or the same place you store your vote count)
Have a registration that requires email confirmation of registration and make sure the email address is a unique column in the DB among your users. Then tie the vote to the email address. It won't completely prevent a sock puppet who has multiple email addresses but it will at least make it not worth the effort for most.
You can't limit a single vote to one IP address. An IP Address does not equal a single user. An IP address represents one or more users.
A combination of IP and useragent can give you a reasonable solution.
I agree that one single IP address does not correspond to a single user but I think that is the safest way of maintaining one vote per person. I usually use cookies to keep track who has voted. Of course, this is a easy hack where you can just delete the cookies and then vote again. If the vote is just some random stuff then I don't really care. If the correct votes really matter for your application then use IP address.