Reputation: 2119
Authenticating (or even identifying) client machine in ASP.NET
What strategies work well for identifying the machine a user is browsing from?
Assumptions: Domain User on a Domain Machine using IE and Integrated Windows Authentication with at least NTLM.
This SHOULD be easy, but I can't find how you can pull this info out of Request or any other hole. Per-client certificates seems a lot of overhead (and I don't even know if you can access the certificate info through Request). I also thought about a MAC address-based scheme... ick. Calgon, take me away!
Upvotes: 0
Views: 238
Answers (3)
Reputation: 5412
you could also try sending a nbtstat-style ping back at the IP address in the Request. The 20h record in the response will be the hostname. A google search turned up several code samples for this.
It's worth a shot, it seems like that would be easier than distributing and maintaining per-client certs.
Upvotes: 0
Reputation: 2119
Request.UserHostName does a reverse dns lookup on the IP address in the HTTP header. For our purposes this is going to be too unreliable. Thanks to RM for the pointer.
In the end, I believe we are going to recommend per-client certificates, and track our machine specific info in a database based on the Request.ClientCertificate.
Upvotes: 0
Related Questions
- ASP.NET Windows Authentication
- Retrieving the PC Name of a Client? (Windows Auth)
- Determine Client's Computer Name
- Uniquely identify machine in web application using asp.net c#
- asp.net authentication looks at machine name
- ASP.NET authentication
- How to uniquely identify the client machine in an ASP.NET application?
- Machine level authentication
- Ways of Authentication against a Windows Server in C# for a Client Application
- asp.net windows authentication