Reputation: 37211
How to make sure a user can only vote once on an ASP.NET poll
I'm trying to make a ASP.NET (C#) poll that will ask a user a Yes/No question and log that vote to the database. To prevent spam I would like to be able to make sure users can only vote once. I've thought about logging the users IP address. If this is the answer can someone give me a tutorial that shows how this can be accomplished. If this is not the answer then give me your suggestions.
Edit: I'm not asking users to register as this is not my website.
Upvotes: 6
Views: 4249
Answers (8)
Reputation: 300719
If you have a registered users list, send them an email containing a unique link which is generated containing a guid (for example), record the GUID in a database and match on voting.
If you are talking about generally publicly accessible and secure, then IP address on its own is not sufficient (google electronic electoral voting for the many issues involved with secure public voting).
Have you thought about using one of the free voting services?
Condorcet Internet Voting Service
Upvotes: 4
Reputation: 32095
Logged in sessions are the only way to prevent double-voting fraud but since you explicitly ask for a way to log the IP address, you can get at that through:
HttpContext.Current.Request.UserHostAddress;
or
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
Should be easy enough to save to DB and check if IP already exists on each poll.
Upvotes: 2
Reputation: 20086
I agree that one single IP address does not correspond to a single user but I think that is the safest way of maintaining one vote per person. I usually use cookies to keep track who has voted. Of course, this is a easy hack where you can just delete the cookies and then vote again. If the vote is just some random stuff then I don't really care. If the correct votes really matter for your application then use IP address.
Upvotes: 0
Reputation: 34347
A combination of IP and useragent can give you a reasonable solution.
Upvotes: 0
Reputation: 7080
You can't limit a single vote to one IP address. An IP Address does not equal a single user. An IP address represents one or more users.
Upvotes: 4
Reputation: 9416
Have a registration that requires email confirmation of registration and make sure the email address is a unique column in the DB among your users. Then tie the vote to the email address. It won't completely prevent a sock puppet who has multiple email addresses but it will at least make it not worth the effort for most.
Upvotes: 1
Reputation: 353
IP addresses won't work for the millions of people who are working behind a proxy as well.
Cookies are a partial solution, but voting robots could just not send the cookie.
Upvotes: 3
Reputation: 17415
You can only garuantee that each user has one vote if you can authenticate the user. So you'll need an authentication mechanism, that will allow you to prevent the user from registering multiple accounts.
I can only see this work in an environment where the user has invested something into his account, like a subscriber for an online newspaper or a reputation system as on StackOverflow.
Upvotes: 13
Related Questions
- Limit 1 vote per IP Address?
- Stopping users voting multiple times on a website
- How can I prevent users from voting more than one time?
- avoid multiple votes with ip
- how to vote ONCE on website without authentication
- Best Method for Preventing a user from voting multiple times in a Multi-Tenant environment
- One IP address to be allowed only once in asp.net
- How can I prevent users from voting more than once in 1 hour?
- A unique ID for a poll response
- Allowing one vote per computer (not IP, not logged in user)