Hi, I have two websites (one ASP classic and the other ASP.NET) on which we would like to implement some kind of security based on the client's hardware. We want something other than a password which could be shared. The purpose is to be sure access to information on the websites is not shared.

We were contemplating storing hardware info in our database and validating against that upon website entry.

I have been looking into ActiveX (it would be acceptable to limit our users to IE), although we do have users who would like to use iPhones. I have done no ActiveX development myself but have found a few articles on the web about ActiveX, but that whole approach looks complicated. And also there seems to be a 64-bit issue making it even more difficult.

So, I wonder if anybody has any advice as to what the best options might be for securing the website access in a way that would prevent sharing?

I wonder if client side certificate authorization would help? I have not looked into these yet so will research those.

Thank you for any input.

Jim

A: 

If you're looking for really high security, you can perhaps use an RSA SecurID.

I have a website which I connect to via a little dongle which generates a random key every 60 seconds, combined with a 4 digit pin of my choice.

Sharing it between users could still be possible, but less likely since the key changes all the time. They would need to communicate in person or via phone/chat to share the key.

Marko
Yes, I use those for a couple clients of mine. That won't work for this application because it would be too restrictive for our users. One of the websites is a forum where users auto-sign in with cookies on email links. That is why we were wanting to validate against the user's hardware. The user would not need to do anything additional to gain access. Thanks for the idea however!
Jim
Well in that case, I'd say it's impossible without ActiveX.
Marko
I am working on an ActiveX solution. I have a long ways to go yet. I wanted to see if there were any other options first! Thanks.
Jim
Hummm, anybody know if client side certificate authorization would help? I will research those, I am not familiar with those yet.
Jim
My client wants the ActiveX. So, I am working on that.
Jim