Reputation: 720
I'm trying to implement an authentication scheme which allows a server application to validate that the client machine that sent it information is a valid machine. I was thinking of implementing something similar to this: Keep in database a list of every machine which has access allowed, when a machine is added to the systems, server application generates an identifier for it and a certificate with a public and private key, this certificate and identifier will be installed on the client. When client machine requests anything from the server machine, it has to give the identifier encrypted with the private key. If the server can decrypt the given identifier, the machine will be authorized to make the request.
I really don't know if theoretically and in practice this is a valid scheme. This is an ASP.NET application using C#.
Upvotes: 2
Views: 676
Reputation: 31163
You may want to use X509 Client Certificates on a HTTPS connection. They were built with that purpose in mind and they are an open standard:
For highly secure Web applications, such as Internet banking sites, you may want to implement a more secure solution for user authentication than the user name and password combination. You can use client-side digital certificates to verify the identity of the user. In addition, you can map client-side digital certificates to Windows accounts on the server if necessary.
—source
On the client side you can use this resource to get you started:
This article discusses how to send a client certificate by using the HttpWebRequest and HttpWebResponse classes in Microsoft Visual C# .NET.
—source
Upvotes: 2
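The client-certificate approach from the answer, combined with the per-machine allow list from the question, could look like the sketch below. This is an added example, not code from either post. It assumes IIS is configured to negotiate client certificates over HTTPS, and the names `MachineAuth`, `MachineClient` and `AllowedMachines`, the dictionary standing in for the database table, and the thumbprint value are hypothetical placeholders. The private key never leaves the client: the TLS handshake proves possession of it, so no identifier has to be "encrypted" and sent by the application.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Web;

// Server side (ASP.NET; assumes IIS accepts or requires client certificates).
public static class MachineAuth
{
    // Constructed sample data standing in for the database table of allowed
    // machines: certificate thumbprint -> machine identifier (placeholder values).
    static readonly Dictionary<string, string> AllowedMachines =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000000", "machine-001" }
        };

    // Returns the machine identifier, or null if the request must be rejected.
    public static string Authenticate(HttpRequest request)
    {
        HttpClientCertificate presented = request.ClientCertificate;
        // Reject when no certificate was sent or the server reports it as invalid.
        if (!presented.IsPresent || !presented.IsValid)
            return null;
        var cert = new X509Certificate2(presented.Certificate);
        string machineId;
        return AllowedMachines.TryGetValue(cert.Thumbprint, out machineId) ? machineId : null;
    }
}

// Client side: attach the installed machine certificate to the HTTPS request.
public static class MachineClient
{
    public static HttpStatusCode Call(string url, string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("Client certificate not installed.");
            var request = (HttpWebRequest)WebRequest.Create(url);
            request.ClientCertificates.Add(found[0]);
            using (var response = (HttpWebResponse)request.GetResponse())
                return response.StatusCode;
        }
        finally { store.Close(); }
    }
}
```

Revoking a machine then means deleting its row from the allow list, independent of the certificate's expiry date.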