doro

Reputation: 785

Unique identification of a certain computer

I have the following scenario and can't seem to find anything on the net, or maybe I am looking for the wrong thing:

I am working on a web-based data storage system. There are different users and different places, and only certain users are allowed to access certain parts of the system. Now, we do not want them to connect to these parts from home or with a different computer than the one they are using at their workplace (there are different reasons for that).

Now my question is: if there is a way to have the workplace PC identify itself to the server in some way over the browser, how can I do that? Oh, and yes, it is supposed to be web-based.

I hope I explained it so everyone understands. Thanks for your replies in advance.

... dg

Upvotes: 0

Views: 882

Answers (5)

Lawrence

Reputation: 51

I agree with Lenni... IP address is a possible solution if they are static or the DHCP server consistently assigns the same IP address to the same machine.

Alternatively, you might also consider authentication via "personal certificates" ... that's what they are referred to in Firefox, don't know if that's the standard name or not. (Obviously I haven't worked with these before.)

Basically they are SSL or PKI certificates that are installed on the client (user's) machine that identify that machine as being the machine it says it is -- that is, if the user tries to connect from a machine that doesn't have a certificate or doesn't have a certificate that you allow, you would deny them.

I don't know the issues around this ... it might be relatively easy for the same user to take the certificate off one computer and install it on another one with the correct password (i.e. it authenticates the user), or it might be keyed specifically to that machine somehow (i.e. it authenticates the machine). And a quick Google search didn't turn up any obvious "how to" instructions on how it all works, but it might be worth looking into.

---Lawrence

Upvotes: 1

John Gietzen

Reputation: 49534

There are only a few REAL solutions to this. Here are a couple:

  1. Use domain authentication, and disallow users who are connecting over a VPN.
  2. Use known IP ranges to allow or disallow access.

Upvotes: 1

Guido Domenici

Reputation: 5246

If it's supposed to be web-based (and by that I mean that the web server should be able to uniquely identify the user's machine), then your choices are limited: per se, there's nothing you can obtain from the browser's headers or request body that allows you to identify the machine. I suppose this is by design, due to the obvious privacy implications.

There are choices though, none of which is pain-free: you could use an ActiveX control, which however only runs on Windows (and not on all browsers I think) and requires elevated privileges. You could think of a Firefox plug-in (obviously Firefox only). At any rate, a plain-vanilla browser will otherwise escape identification.

Upvotes: 1

Allain Lalonde

Reputation: 93318

Since you're going web based you can:

Examine the remote host's IP Address (compare it against known internal subnets, etc)

During the authentication process, you can ping the remote IP and take a look at the TTL on the returned packets; if it's too low, then the computer can't be from the local network. (Of course this can be broken, but it's just 1 more thing.)

If you're doing it over IIS, then you can integrate into SSO (probably the best if you can do it)

Upvotes: 1
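
The subnet comparison suggested in this answer and in John Gietzen's second point, as an added example in Python (not code from any of the posters). It also handles the case where the application sits behind a reverse proxy, since `X-Forwarded-For` is supplied by the client and must not be trusted blindly. The subnets, the proxy address and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values: replace with the real workplace subnets and proxy address.
WORKPLACE_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.5.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("172.16.0.10/32",)]


def _parse(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d). None if invalid."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in_any(ip, nets):
    return any(ip.version == net.version and ip in net for net in nets)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address to judge, or None if it cannot be determined.

    The header is honoured only when the TCP peer is one of our own proxies,
    and it is walked right to left, skipping trusted proxies, so an entry the
    client prepended itself is never the one that gets evaluated.
    """
    peer = _parse(peer_addr)
    if peer is None:
        return None
    if not forwarded_for or not _in_any(peer, TRUSTED_PROXIES):
        return peer  # direct connection, or header from an untrusted peer: ignore it
    for hop in reversed(forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None:
            return None  # malformed header: fail closed
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
    return None  # only proxies listed, real client unknown: fail closed


def is_workplace(peer_addr, forwarded_for=None):
    """True only if the resolved client address lies in a workplace subnet."""
    ip = client_ip(peer_addr, forwarded_for)
    return ip is not None and _in_any(ip, WORKPLACE_NETS)
```

This check identifies the network a request arrives from, not the individual machine, so it complements user authentication rather than replacing it.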

Leonard Ehrenfried

Reputation: 1613

IP address. Not bombproof security but a start.

Upvotes: -2
